Microsoft Anti-Cross Site Scripting Library v1.5
Cross-site scripting (XSS) attacks exploit vulnerabilities in Web-based applications that fail to properly validate and/or encode input that is embedded in response data. Malicious users can then inject client-side script into response data causing the unsuspecting user's browser to execute the script code. The script code will appear to have originated from a trusted-site and may be able to bypass browser protection mechanisms such as security zones.
...
For defence in depth, developers may wish to use the Microsoft Anti-Cross Site Scripting Library to encode output. This library differs from most encoding libraries in that it uses the "principle of inclusions" technique to provide protection against XSS attacks. This approach works by first defining a valid or allowable set of characters, and encodes anything outside this set (invalid characters or potential attacks). The principle of inclusions approach provides a high degree of protection against XSS attacks and is suitable for Web applications with high security requirements.
.... read more here.
Download it here and give it a spin today. Plug all security holes in your website :)
Also check the detailed example of how to use it here!
Good job ACE :)
Read the complete post at http://dotnetjunkies.com/WebLog/sprout/archive/2007/03/06/208399.aspx