Cross-site scripting (XSS) attacks exploit vulnerabilities in Web-based applications that fail to properly validate and/or encode input that is embedded in response data. Malicious users can then inject client-side script into response data causing the unsuspecting user's browser to execute the script code. The script code will appear to have originated from a trusted-site and may be able to bypass browser protection mechanisms such as security zones.
ASP.NET developers may wish to use the Microsoft Anti-Cross Site Scripting Library to encode output. This library differs from other encoding libraries in that it uses the principle of inclusions and provides a high degree of protection against XSS attacks.
Learn more about the Anti-Cross Site Scripting Library
Download the Anti-Cross Site Scripting Library
Follow the tutorials