Friday, October 18, 2013

AntiXSS for Web API

Most people forget to protect their site from XSS attacks.
They simply accept that a smart JavaScript library (AngularJS) will protect them by escaping the JSON characters.

But what about your legacy site? It still allows an XSS script to harm innocent users.

Unfortunately, the AntiXSS library doesn't protect you against double open angle brackets, which can let a script through, especially if the client uses Firefox.
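One way to avoid depending on tag stripping is to HTML-encode every string value in the JSON payload on the server, so each `<` becomes `&lt;` no matter how many are stacked together. The following is an added example, not the snippet this post refers to; it assumes Json.NET (`Newtonsoft.Json`) and `System.Net.WebUtility`, and the class and method names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Net;
using Newtonsoft.Json.Linq;

// Hypothetical helper (not from the original post): HTML-encodes every
// string value in a JSON document so that a legacy page which writes the
// value into HTML renders it as text instead of markup.
public static class JsonHtmlEncoder
{
    public static string EncodeStrings(string json)
    {
        JToken root = JToken.Parse(json);

        // A bare JSON string has no descendants, so handle the root too.
        var values = root is JContainer container
            ? container.Descendants().OfType<JValue>()
            : new[] { root }.OfType<JValue>();

        // Snapshot the sequence before mutating the tree.
        foreach (JValue value in values.ToList())
        {
            // Only string values are encoded; numbers, booleans, nulls
            // and property names are left unchanged.
            if (value.Type == JTokenType.String)
            {
                value.Value = WebUtility.HtmlEncode((string)value.Value);
            }
        }

        return root.ToString(Newtonsoft.Json.Formatting.None);
    }

    public static void Main()
    {
        // Constructed sample input with doubled opening angle brackets.
        string input =
            "{\"name\":\"<<b>Bob\",\"tags\":[\"a<<i>b\"],\"age\":3}";

        Console.WriteLine(EncodeStrings(input));
    }
}
```

Clients that already escape on output, such as the AngularJS pages mentioned above, will display the entities literally, so apply this only to responses consumed by the legacy site.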

Here is the complete snippet:
