As a temporary quick fix to mitigate the major risk while working on the permanent fix for an XSS vulnerability in a very large code base, I’m looking for a pre-existing XSS prevention blacklist that does a reasonable job of protecting against XSS.
Preferably a set of regular expressions. I’m aware of plenty of cheat sheets for testing, smoke tests, etc.; what I’m looking for is pre-tuned regexps for blocking the attacks.
I am fully aware that the best way is output escaping or, if you need some markup from users, whitelisting. But, with the size of the code base, we need something quick in place to reduce the immediate footprint of the vulnerability and raise the bar whilst working on the real solution.
Is anyone aware of a good set?
I realise this may not be a direct answer to your question, but ASP.NET developers in a similar situation may find this useful:
Microsoft Anti-Cross Site Scripting Library V1.5