Cross-site scripting (XSS) attacks exploit vulnerabilities in Web-based applications that fail to properly validate and/or encode input that is embedded in response data. Malicious users can then inject client-side script into response data, causing the unsuspecting user's browser to execute the script code. The script code will appear to have originated from a trusted site and may be able to bypass browser protection mechanisms such as security zones.
ASP.NET developers may wish to use the Microsoft Anti-Cross Site Scripting Library to encode output. This library differs from other encoding libraries in that it uses the principle of inclusions and provides a high degree of protection against XSS attacks.
Learn more about the Anti-Cross Site Scripting Library
Download the Anti-Cross Site Scripting Library
Follow the tutorials
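The principle of inclusions mentioned above, sketched as an added example (not code from the Anti-XSS Library or from the original page): an allow-list encoder defines a safe character set and encodes everything outside it, shown beside a deny-list encoder that only rewrites the characters it knows about. The class name, method names, safe set and sample input are assumptions chosen for illustration.

```csharp
using System;
using System.Text;

// Added illustration of allow-list ("inclusion") output encoding.
// Hypothetical helper, not the Anti-XSS Library's implementation.
public static class InclusionEncoder
{
    // Assumed safe set: ASCII letters, digits and a little harmless punctuation.
    private static bool IsSafe(char c) =>
        (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
        (c >= '0' && c <= '9') || c == ' ' || c == '.' || c == ',' || c == '-' || c == '_';

    // Allow-list encoder: every character outside the safe set becomes a numeric entity.
    public static string HtmlEncode(string input)
    {
        if (string.IsNullOrEmpty(input)) return string.Empty;
        var sb = new StringBuilder(input.Length * 2);
        for (int i = 0; i < input.Length; i++)
        {
            char c = input[i];
            if (IsSafe(c)) { sb.Append(c); continue; }
            int cp = c;
            // Combine a valid surrogate pair into a single code point.
            if (char.IsHighSurrogate(c) && i + 1 < input.Length && char.IsLowSurrogate(input[i + 1]))
                cp = char.ConvertToUtf32(c, input[++i]);
            else if (char.IsSurrogate(c))
                cp = 0xFFFD; // lone surrogate: substitute the replacement character
            sb.Append("&#").Append(cp).Append(';');
        }
        return sb.ToString();
    }

    // Deny-list encoder for comparison: anything it does not list passes through unchanged.
    public static string DenyListEncode(string input) =>
        (input ?? string.Empty).Replace("&", "&amp;").Replace("<", "&lt;").Replace(">", "&gt;");

    public static void Main()
    {
        // Constructed sample input that ends up inside a quoted attribute value.
        string name = "x\" onmouseover=\"alert(1)";
        // Deny-list output: the double quote is not on the list, so it closes the attribute early.
        Console.WriteLine("<input value=\"" + DenyListEncode(name) + "\">");
        // Allow-list output: quotes, '=' and parentheses are all entity-encoded and stay data.
        Console.WriteLine("<input value=\"" + HtmlEncode(name) + "\">");
    }
}
```

In an ASP.NET application, call the library's own encoders rather than a hand-written one; the sketch only shows why encoding everything outside a known-safe set holds up where a list of known-bad characters does not.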
John Hrvatin talked about Web Development Tools for Internet Explorer at Microsoft TechEd 2007 in Orlando. There, he introduced a tool called Ajax View, developed by Microsoft Research.
Ajax View is able to profile a site’s JavaScript. It acts as an HTTP proxy that instruments JavaScript as it’s served to the client, based on a set of rules defined by plug-ins. More information and first release download here, a good introduction here.
... and ... don't bother me - I know, there is (at least) a smarter browser out there, with an immense and open ecosystem of dev-plugins... :-)