IMPORTANT!! Project moved to GitHub https://github.com/ziyasal/ProceXSS

ProceXSS is an ASP.NET HTTP module for preventing XSS attacks.
Sample usage is included in the source code. A basic usage description is also available below.

Nuget Package http://nuget.org/packages/ProceXSS

Basic usage
Add the following line below the <configSections> node in the web.config file:

<section name="antiXssModuleSettings" type="ProceXSS.Configuration.AntiXSSModuleConfigurationSectionHandler, ProceXSS"/>

and add the following configuration below the <configuration> node:

<antiXssModuleSettings redirectUrl="/Default.aspx" log="False" mode="Ignore" isActive="True"
controlRegex="(javascript[^*(%3a)]*(\%3a|\:))|(\%3C*|\&lt;)[\/]*script|(document[\.])|(window[^a-zA-Z_0-9]*[\%2e|\.])|
(setInterval[^a-zA-Z_0-9]*(\%28|\())|(setTimeout[^a-zA-Z_0-9]*(\%28|\())|(alert[^a-zA-Z_0-9]*(\%28|\())|
eval[^a-zA-Z_0-9]*(\%28|\()|(((\%3C) &lt;)[^\n]+((\%3E) &gt;))">
    <excludeUrls>
      <add name="url1" value="/"/>
      <add name="url2" value="/default.aspx"/>
    </excludeUrls>
</antiXssModuleSettings>

There are two options for the mode property: Ignore and Redirect. When Redirect mode is active, the system redirects the request to the value of redirectUrl.

And add the following configuration below <system.web> <httpModules>:
<add name="AntiXSSModule" type="ProceXSS.AntiXSSModule, ProceXSS, Version=your assembly version, Culture=neutral" />

IMPORTANT: The log feature uses the third-party NLog library. If the log feature is active, the NLog configuration must also be set. NLog documentation is available at http://nlog-project.org/wiki/
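
An added example, not part of the ProceXSS source: a small C# console check that runs the controlRegex value from the configuration above over constructed input strings, to see what it flags before the module is enabled. It assumes the wrapped attribute is one unbroken pattern and that the module applies it with default regex options (the page does not say); the class and method names are hypothetical.

```csharp
using System;
using System.Text.RegularExpressions;

static class ControlRegexCheck
{
    // controlRegex from the web.config sample, joined onto one line
    // (assumption: the line breaks are page wrapping). Kept XML-escaped
    // here and decoded below, as an XML configuration reader would do.
    const string ControlRegexAttr =
        @"(javascript[^*(%3a)]*(\%3a|\:))|(\%3C*|\&lt;)[\/]*script|(document[\.])|" +
        @"(window[^a-zA-Z_0-9]*[\%2e|\.])|(setInterval[^a-zA-Z_0-9]*(\%28|\())|" +
        @"(setTimeout[^a-zA-Z_0-9]*(\%28|\())|(alert[^a-zA-Z_0-9]*(\%28|\())|" +
        @"eval[^a-zA-Z_0-9]*(\%28|\()|(((\%3C) &lt;)[^\n]+((\%3E) &gt;))";

    // Assumption: default RegexOptions; the module's own options are not documented here.
    static readonly Regex Control = new Regex(
        ControlRegexAttr.Replace("&lt;", "<").Replace("&gt;", ">"));

    // Hypothetical helper: true when the pattern matches anywhere in the value.
    public static bool IsFlagged(string value)
    {
        return Control.IsMatch(value);
    }

    static void Main()
    {
        // Constructed sample values: text a site might legitimately receive,
        // plus one script tag of the kind the pattern targets.
        string[] samples =
        {
            "hello world",
            "Please attach the document.",
            "Open the window. It is hot in here.",
            "medieval (adj.): relating to the Middle Ages",
            "<script>alert(1)</script>",
        };

        foreach (string s in samples)
            Console.WriteLine("{0,-8} {1}", IsFlagged(s) ? "FLAGGED" : "ok", s);
    }
}
```

The ordinary sentences containing "document.", "window." and "medieval (" match the pattern just as the script tag does. Running a site's real inputs through the same check shows which pages need an excludeUrls entry or a narrower controlRegex before Redirect mode is switched on.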

Information referenced from https://www.owasp.org/index.php/XSS

The NuGet package is available at https://nuget.org/packages/ProceXSS

Last edited Dec 11, 2012 at 9:30 PM by ziyasal, version 18