ProceXSS is an ASP.NET HTTP module to prevent XSS attacks.
Latest commit 6a09d33 May 29, 2017 @ziyasal committed on GitHub Update README.md

ProceXss

ProceXSS is an ASP.NET HTTP module to prevent XSS attacks.


NuGet package: Install-Package ProceXSS

Basic usage

Add the following line below the node in the web.config file:

<section name="antiXssModuleSettings" type="ProceXSS.Configuration.XssConfigurationHandler, ProceXSS"/>

and add the following configuration below the node:

<antiXssModuleSettings redirectUrl="/home" log="False" mode="Ignore" isActive="True"
controlRegex="(javascript[^*(%3a)]*(\%3a|\:))
|(\%3C*|\&lt;)[\/]*script|(document[\.])
|(window[^a-zA-Z_0-9]*[\%2e|\.])|
(setInterval[^a-zA-Z_0-9]*(\%28|\())
|(setTimeout[^a-zA-Z_0-9]*(\%28|\())|(alert[^a-zA-Z_0-9]*(\%28|\())|
eval[^a-zA-Z_0-9]*(\%28|\()|(((\%3C) &lt;)[^\n]+((\%3E) &gt;))">
    <excludeUrls>
      <add name="url1" value="/"/>
      <add name="url2" value="/default.aspx"/>
    </excludeUrls>
</antiXssModuleSettings>

The mode property has two options: Ignore and Redirect. When Redirect mode is active, the module redirects the request to the value of RedirectUri.
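A way to check a controlRegex value against sample input before deploying it (an added example, not ProceXSS code). It shows which constructed values the pattern flags, including benign text, and how line breaks left inside the attribute change the result; it assumes the pattern is compiled with default RegexOptions, which the README does not state, and the class name and sample values are made up for illustration.

```csharp
using System;
using System.Text.RegularExpressions;

public static class ControlRegexCheck
{
    // The README's controlRegex, one element per printed line, with the XML
    // entities decoded (&lt; -> <, &gt; -> >) as a config reader delivers them.
    static readonly string[] PatternLines =
    {
        @"(javascript[^*(%3a)]*(\%3a|\:))",
        @"|(\%3C*|\<)[\/]*script|(document[\.])",
        @"|(window[^a-zA-Z_0-9]*[\%2e|\.])|",
        @"(setInterval[^a-zA-Z_0-9]*(\%28|\())",
        @"|(setTimeout[^a-zA-Z_0-9]*(\%28|\())|(alert[^a-zA-Z_0-9]*(\%28|\())|",
        @"eval[^a-zA-Z_0-9]*(\%28|\()|(((\%3C) <)[^\n]+((\%3E) >))"
    };

    // Constructed sample values (not taken from real traffic).
    static readonly string[] Samples =
    {
        "q=hello world",               // benign control
        "name=<script>",               // token the pattern names
        "href=javascript:void",        // token the pattern names
        "comment=see document.pdf",    // benign text containing "document."
        "title=Medieval (1200s) art"   // benign text containing "eval ("
    };

    // Assumption: the pattern is compiled with default options, so any
    // whitespace left inside it is matched literally.
    public static Regex Build(string lineSeparator)
    {
        return new Regex(string.Join(lineSeparator, PatternLines));
    }

    public static void Main()
    {
        Regex oneLine = Build("");      // attribute value written on a single line
        Regex wrapped = Build("\n");    // attribute value wrapped as printed above
        foreach (string s in Samples)
        {
            Console.WriteLine("{0,-30} one-line={1,-5} wrapped={2}",
                s, oneLine.IsMatch(s), wrapped.IsMatch(s));
        }
    }
}
```

Benign values that the one-line pattern flags are candidates for excludeUrls or a narrower pattern; alternatives that stop matching in the wrapped form are the ones that sit next to a line break.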

The NuGet package creates XSSConfig.cs in the App_Start folder to register the module dynamically.

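using System.Web;   // PreApplicationStartMethodAttribute
using ProceXSS;     // ProceXSSModule

// Runs XSSConfig.Start() before the application starts.
// The type is fully qualified because the attribute sits outside the namespace.
[assembly: PreApplicationStartMethod(typeof(AcmeWeb.WebForms.XSSConfig), "Start")]
namespace AcmeWeb.WebForms
{
    public class XSSConfig
    {
        public static void Start()
        {
            // Register your ILogger implementation (MyLogger is your own class).
            ProceXSSModule.SetLogger(new MyLogger());

            // Register the HTTP module at startup instead of listing it in web.config.
            Microsoft.Web.Infrastructure
                         .DynamicModuleHelper
                         .DynamicModuleUtility.RegisterModule(typeof(ProceXSSModule));
        }
    }
}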

Or add the following configuration below <system.web>:

<add name="ProceXSSModule" type="ProceXSS.ProceXSSModule, ProceXSS, Version=your assembly version, Culture=neutral" />

For more detailed information about XSS, visit the OWASP web site.