Invented here syndrome

2 thoughts on “Invented here syndrome

    • Hi Jay,

      I’m afraid to say, the AntiXSS module is now completely and hopelessly broken in this regard. I honestly haven’t found any good workarounds as long as AntiXSS is involved so we’ve built a module from scratch using HtmlAgilityPack and regex filtering attributes. The custom filtering takes place around lines 145 – 154 in my example.

      It’s not ideal, but it seems to work so far (our bit of code is tied up in licenses, but there are lots of examples out there of stripping unsafe chars).

      We’ve also moved on from the .Net framework lately. There were too many breaking changes, too many hurdles and, dare I say, too much bloat in lot of the web development tech Microsoft has put out to justify the time cost to developers. Our operation has since switched almost entirely to Python and PHP (yes, even PHP was more attractive here). These are just symptoms of a bigger cultural problem at Microsoft and I don’t know if things will ever change under new management.

      If you can at all move on from ASP.Net, I’d strongly recommend you do so. I already did.

      Good luck on your project!

      – e

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s