---
title: "Cross-Site Script (XSS) Prevention"  
description: "Cross-site Scripting is a vulnerability, that’s typically found in web application. XSS enable attackers to inject malicious line of code like script"  
author: "Anonymous User"  
published: 2018-11-22  
updated: 2019-09-07  
canonical: https://www.mindstick.com/articles/23351/cross-site-script-xss-prevention  
category: "c#"  
tags: ["mvc", "software development", "visual studio", "ransomware", "xss", "cross-site scripting", "adware", "cross-site request forgery", "virus"]  
reading_time: 3 minutes  

---

# Cross-Site Script (XSS) Prevention

**Cross-site Scripting** is a vulnerability, that’s typically found in a **[web application](https://www.mindstick.com/interview/1126/does-silverlight-web-application-work-with-all-browsers)**. **XSS** enables attackers to inject the **malicious line of code like script into web pages.**

![Cross-Site Script (XSS) Prevention](https://www.mindstick.com/mindstickarticle/73f1a467-06d3-4403-bae9-2fbae2c2e26a/images/4f616a4c-0d78-4539-9785-c8ebc8287bb6.jpeg)\

It’s generally used by attackers to re-route access controls for UN-authorized activity or **Url’s redirection.**

Nowadays it’s a big issue in the web application. When an application affected with **XSS.** It’s really hard to find out the source of such activity. We need to verify a large amount of data carefully.

**But precaution is better than Cure**, So please follows these steps to prevent your web application by **XSS**:

1. First of all make sure you used only trusted line of code, dll’s, CDN, and also CSS class file. If you are not 100% sure about the functionality of any of them then remove.
2. Make sure you are not left blank the property of anchor tag or used the href with ‘#’. If you are used any of them then replace them with “return void(0)”.
3. The best way that I was found in asp.net application using c#. Use the AntiXSS dll's, a product of Microsoft. It’s specially designed for XSS prevention.

## Please follow below instruction to use them into your web application using MVC C#:

**1.** Go to solution explorer in visual studio.

![Cross-Site Script (XSS) Prevention](https://www.mindstick.com/mindstickarticle/73f1a467-06d3-4403-bae9-2fbae2c2e26a/images/7fdd7243-ba14-4642-80a2-1d96bc7f3757.png)

**2.** Click on your main project and go to Manage [Nuget Package](https://www.mindstick.com/forum/155814/what-is-nuget-package-management). \

![Cross-Site Script (XSS) Prevention](https://www.mindstick.com/mindstickarticle/73f1a467-06d3-4403-bae9-2fbae2c2e26a/images/eeb51081-32b7-45b3-93f6-1cd5c8057a36.png)\

**3.** Go to Online -> Seach AntiXSS -> Click on Install button.

![Cross-Site Script (XSS) Prevention](https://www.mindstick.com/mindstickarticle/73f1a467-06d3-4403-bae9-2fbae2c2e26a/images/fbc191a4-142e-4841-8e07-efbad738a25d.png)\

**4.** Now open reference folder in your main project and you see two **dll’s** named as “**AntiXSSLibrary**” and “**HtmlSanitizationLibrary**”.

![Cross-Site Script (XSS) Prevention](https://www.mindstick.com/mindstickarticle/73f1a467-06d3-4403-bae9-2fbae2c2e26a/images/0d874d1b-1520-42da-b62d-acc09b653231.png)\

**5.** Now Go to your controller and find a post method and insert all entity field value through these dll's methods to filter malicious line of code from your input fields.

## You can write your code like this:

![Cross-Site Script (XSS) Prevention](https://www.mindstick.com/mindstickarticle/73f1a467-06d3-4403-bae9-2fbae2c2e26a/images/e40af434-8859-47ab-9db4-a8e29611b403.png)\

It’s the best way to prevent malicious line of code through your input fields in your web application. Mainly attackers use your web application input fields to run the script in [your application](https://answers.mindstick.com/qa/97584/how-do-you-choose-the-correct-camera-for-your-application) and database.

There are some vulnerability types that are actually used for exploitation of malicious code and suspicious activities:

**A.** Denial of service

**B.** XML [external entity](https://www.mindstick.com/interview/941/when-constructing-an-xml-dtd-how-do-you-create-an-external-entity-reference-in-an-attribute-value)

**C.** Open redirect

**D.** General bypass

**E.** Authentication bypass

**F.** Remote file inclusion

**G.** Full path disclosure

**H.** Remote [code execution](https://www.mindstick.com/forum/12638/code-execution-after-activity-creation-in-android)

**I.** Local file inclusion

**J.** Cross-site [request forgery](https://answers.mindstick.com/qa/112056/how-do-i-prevent-cross-site-request-forgery-csrf-attacks-in-my-web-applications)

**K.** File upload

**L.** [SQL injection](https://www.mindstick.com/forum/160895/protect-sql-server-database-against-sql-injection-attacks)

**M.** Cross-site scripting

In the above list of vulnerability type, Cross-site Scripting is most harmful.

## *More details you can also visit following links:*

[https://www.mindstick.com/forum/34702/please-tell-me-what-is-cross-site-scripting-and-how-is-it-harmful-for-your-application](https://www.mindstick.com/forum/34702/please-tell-me-what-is-cross-site-scripting-and-how-is-it-harmful-for-your-application)

[http://answers.mindstick.com/qa/51738/what-is-the-cross-site-scripting-and-how-it-can-harmful-for-your-application](https://answers.mindstick.com/qa/51738/what-is-the-cross-site-scripting-and-how-it-can-harmful-for-your-application)

***Thanks!!! I Hope it's informative...***\

---

Original Source: https://www.mindstick.com/articles/23351/cross-site-script-xss-prevention

Copyright © MindStick Software Pvt. Ltd. This Markdown version is provided for developers, AI systems, and offline reading.
