Which Anti-XSS library should I use? Microsoft XSS 4.0, the Web Protection Library on Codeplex, or something else?
Seems like Microsoft updated the Anti XSS library today:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=f4cd231b-7e06-445b-bec7-343e5884e651
In addition there is a new release of the Web Protection Library
Are these two downloads the same thing? What XSS library should I be using?
Are there others I should consider?
Comments (2)
Well, as the WPL owner these days I know it's a little confusing, so
The WPL contains two projects, AntiXSS and the Security Runtime Engine. Previous versions installed both, but really they're quite separate and the SRE is an ongoing project which is getting a major rewrite, so rather than hold up the latest changes to AntiXSS whilst I pottered around some more with the SRE we made the decision to split them out, and ship separately.
So right now AntiXSS 4.0 on msdownloads is the most up to date encoding library.
As part of the source push the latest source for the SRE will be pushed as well - however the SRE is still a work in progress, and will remain so for some time, so it'll be source only for a while.
We're still trying to figure out how best to address this in terms of Codeplex projects :)
It is the same thing. WPL includes AntiXSS and Security Runtime Engine.
I'm using Microsoft AntiXSS library with my MVC2 application. It integrates nicely and requires no code changes in the views.