Project Description
Welcome to AntiXSS Experimental.

AntiXSS Experimental contains code for common encoders auto-generated using Microsoft Research's BEK project.

Welcome to the Encoder Experiment! This project makes available code for common Web sanitizers that has been auto-generated by the BEK project. The BEK project is a domain specific language for writing sanitizers, plus fast analysis of these sanitizers. When you're done with analysis, BEK can compile from the high level language to C# or JScript --and that's what we have in this project.

As to why analysis is useful...Have you ever wondered if a particular output is possible from a sanitizer? Have you ever wondered if the order matters when applying different sanitizers? Are you confused by the many special cases when writing a sanitizer and wish someone could give you a picture showing what is really going on? Check out BEK online at and try running analyses for yourself! Example: analysis of a UTF8 encoder.

This project, in turn, lets you pick up C# and JScript for common encoders that is the result of this BEK analysis. Then you can use these encoders in your own projects.

This is experimental so we welcome questions and comments. Feel free to use the discussion boards.

Last edited May 31, 2012 at 6:36 PM by veanesm, version 5