What are the techniques that one can use to prevent cross-site scripting in ASP.NET? Are there any non ready implementations that one can use to achieve a website protected against XSS?
We did in-house development for this purpose for a long time, but finally Microsoft provided a library for it. We have now replaced our library with this one completely. It can simply be used as follows:
string sanitizedString = Microsoft.Security.Application.Sanitizer.GetSafeHtmlFragment(myStringToBeChecked);
The only problem with this method is that it trims multiple whitespace characters that are separated by line ending characters. If you do not want that to happen, you may consider splitting the string first on the line ending characters (\r\n), then calculating the number of whitespace characters before and after each of these split strings, applying the sanitizer, appending the whitespace back and concatenating.
Other than that, the Microsoft library works fine.
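The line-by-line workaround the answer describes, written out as an added example (this is not code from the answer or from the AntiXSS library). It assumes the AntiXSS assembly is referenced so that `Microsoft.Security.Application.Sanitizer.GetSafeHtmlFragment` is available; the class name `WhitespacePreservingSanitizer` and method `Sanitize` are hypothetical, and the sample input is constructed.

```csharp
using System;
using System.Text;
using Microsoft.Security.Application; // AntiXSS: Sanitizer.GetSafeHtmlFragment(string)

// Hypothetical wrapper: sanitizes untrusted HTML one line at a time so the
// leading/trailing whitespace on each line survives, since GetSafeHtmlFragment
// collapses whitespace around line endings when given the whole string.
public static class WhitespacePreservingSanitizer
{
    public static string Sanitize(string untrusted)
    {
        if (string.IsNullOrEmpty(untrusted)) return string.Empty;

        // Split on CRLF as the answer suggests; input using bare "\n" would need
        // the separator list extended and the original ending recorded per line.
        string[] lines = untrusted.Split(new[] { "\r\n" }, StringSplitOptions.None);
        var result = new StringBuilder(untrusted.Length);

        for (int i = 0; i < lines.Length; i++)
        {
            string line = lines[i];
            string core = line.Trim();

            if (core.Length == 0)
            {
                // Whitespace-only line: nothing to sanitize, keep it verbatim.
                result.Append(line);
            }
            else
            {
                // Preserve the exact leading/trailing characters (spaces or tabs),
                // not just their count, and sanitize only the content between them.
                int leading = line.Length - line.TrimStart().Length;
                int trailing = line.Length - line.TrimEnd().Length;
                result.Append(line, 0, leading)
                      .Append(Sanitizer.GetSafeHtmlFragment(core))
                      .Append(line, line.Length - trailing, trailing);
            }

            if (i < lines.Length - 1) result.Append("\r\n");
        }
        return result.ToString();
    }

    public static void Main()
    {
        // Constructed sample: indentation and trailing spaces on separate lines.
        string input = "   <b>indented</b>\r\n\t<i>tabbed</i>  \r\n   \r\n<p>last</p>";
        Console.WriteLine(Sanitize(input));
    }
}
```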