Build the Anti-Cross Site Scripting into ASP.NET Controls

I was just taking a look at the Microsoft Anti-Cross Site Scripting Library V1.0 that was released the other day. This is very useful.

While peering into the assembly's methods with Reflector it occurred to me that it would be great to incorporate this code directly into the next update of the ASP.NET Textbox control. You could have properties named TrapXSSHTML and TrapXSSUrl. When set to True, ASP.NET would apply the library's logic to the input.

It's great to have a library like this... it would be even greater if its security checks could be tied directly to the controls that make our web sites vulnerable.

I always remember Michael Howard's talk at an MVP Summit. He warned us to treat all input as evil. The Anti-Cross Site Scripting Library is one of those tools that helps us separate the evil from the valid.
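A sketch of the control proposed above, added here as an example; it is not code from the post or from the library. The class name XssAwareTextBox, the namespace and the SafeText property are hypothetical. It assumes the Anti-XSS Library assembly is referenced and exposes static HtmlEncode and UrlEncode methods on Microsoft.Security.Application.AntiXSSLibrary.

```csharp
using System;
using System.ComponentModel;
using System.Web.UI.WebControls;
using Microsoft.Security.Application; // Anti-XSS Library (assumed to be referenced)

namespace Example.Controls // hypothetical namespace
{
    // Hypothetical TextBox carrying the two switches the post proposes.
    public class XssAwareTextBox : TextBox
    {
        [DefaultValue(false)]
        public bool TrapXSSHTML
        {
            get { return (bool)(ViewState["TrapXSSHTML"] ?? false); }
            set { ViewState["TrapXSSHTML"] = value; }
        }

        [DefaultValue(false)]
        public bool TrapXSSUrl
        {
            get { return (bool)(ViewState["TrapXSSUrl"] ?? false); }
            set { ViewState["TrapXSSUrl"] = value; }
        }

        // Text itself stays raw: TextBox already encodes it when rendering the
        // field, so encoding it in place would double-encode on every postback.
        // SafeText is what page code should write back into markup.
        public string SafeText
        {
            get
            {
                string raw = Text ?? string.Empty;

                // The two encodings target different output contexts; applying
                // both would corrupt the value, so treat it as a config error.
                if (TrapXSSHTML && TrapXSSUrl)
                    throw new InvalidOperationException(
                        "Set TrapXSSHTML or TrapXSSUrl, not both.");

                if (TrapXSSUrl) return AntiXSSLibrary.UrlEncode(raw);   // value goes into a URL
                if (TrapXSSHTML) return AntiXSSLibrary.HtmlEncode(raw); // value goes into HTML body
                return raw; // neither switch set: caller must encode for its context
            }
        }
    }
}
```

Page code would read SafeText instead of Text wherever the value is echoed into a response, while the raw Text remains the value to validate and store.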
