AntiSamy: XSS Protection for .NET Core


Cross-site scripting (XSS) is a security vulnerability that allows malicious web users to inject client-side code into web pages viewed by other users. This can be used to bypass access controls.

The attack occurs when the victim visits a web page or web application into which malicious content has been injected. That page then delivers the malicious code to the user's browser, which executes it in the context of the site.

The OWASP Foundation's cheat sheet describes XSS vulnerabilities and how to prevent them: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html

Implementing this specification yourself takes a lot of effort. However, there is a ready-made .NET Core package that implements XSS prevention: OWASP AntiSamy .NET, https://github.com/spassarop/antisamy-dotnet.

AntiSamy is an HTML, CSS, and JavaScript filter that sanitizes user input according to a policy file: the policy defines which tags, attributes, and CSS properties are allowed, and everything else is removed or rewritten. AntiSamy exposes an API for ensuring that user-supplied HTML/CSS meets an application's requirements before it is stored or rendered.
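A minimal use of that API, as an added example that is not from the original post or the AntiSamy project: it assumes the OWASP.AntiSamy NuGet package with the namespace OWASP.AntiSamy.Html, and a policy file named antisamy.xml (one of the project's sample policies) deployed alongside the application.

```csharp
// Added example (not from the original post or the AntiSamy project):
// sanitize untrusted HTML with OWASP AntiSamy .NET before storing or rendering it.
// Assumes the OWASP.AntiSamy NuGet package and a policy file next to the app.
using System;
using OWASP.AntiSamy.Html;

public static class ProfileSanitizer
{
    // Policy file that defines the allowed tags, attributes and CSS.
    // Assumed location; point this at wherever the policy XML is deployed.
    private const string PolicyFilePath = "antisamy.xml";

    // Returns the sanitized HTML. Anything the policy does not allow is
    // stripped or rewritten; the error list records what was changed.
    public static string Sanitize(string untrustedHtml)
    {
        Policy policy = Policy.GetInstance(PolicyFilePath);
        var antiSamy = new AntiSamy();
        CleanResults results = antiSamy.Scan(untrustedHtml, policy);

        // Surfacing the removals is useful for detection: a burst of stripped
        // script tags from one account is a signal worth alerting on.
        if (results.GetNumberOfErrors() > 0)
        {
            foreach (string message in results.GetErrorMessages())
            {
                Console.WriteLine($"AntiSamy altered input: {message}");
            }
        }

        return results.GetCleanHtml();
    }

    public static void Main()
    {
        // Constructed sample input: legitimate formatting mixed with a script
        // tag and an event-handler attribute, the patterns the cheat sheet covers.
        const string dirty =
            "<b>Hello</b><script>alert(1)</script><img src=\"x\" onerror=\"alert(1)\">";

        string clean = Sanitize(dirty);
        Console.WriteLine(clean);
    }
}
```

Which elements survive depends entirely on the policy file, so review the chosen policy against the application's needs rather than relying on the defaults.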
