ameliadev/ShieldXSSv1.0.3
.NET 8.0
Security middleware for XSS and SQL injection protection in ASP.NET Core
Get Started
$ dotnet add package ShieldXSSReadme
🛡️ ShieldXSS – ASP.NET Core Security Middleware
ShieldXSS is a lightweight, fast, and simple security middleware for ASP.NET Core (.NET 8/10) that provides essential protection against malicious input.
It is designed to be small, dependency-free, and extremely easy to integrate.
🚀 Features
- ✔️ XSS detection (regex-based)
- ✔️ SQL injection detection
- ✔️ IP-based rate limiting
- ✔️ Automatic security headers
- ✔️ Custom XSS / SQL patterns
- ✔️ Zero external dependencies
- ✔️ Optimized performance (LINQ-free hot path)
📦 Installation
.NET CLI
dotnet add package ShieldXSS
Package Manager
Install-Package ShieldXSS
Quick Start
1. Register ShieldXSS in Program.cs
builder.Services.AddShieldXSS(options =>
{
options.EnableXSSProtection = true;
options.EnableSQLInjectionProtection = true;
options.EnableRateLimiting = true;
options.MaxAttempts = 5;
options.TimeWindow = TimeSpan.FromMinutes(1);
options.BlockedResponseMessage = "Request blocked for security reasons";
});
2. Add the middleware
Use UseShieldXSS in the ASP.NET pipeline:
app.UseShieldXSS();
Usage with ConfigureServices / Configure
web.ConfigureServices(services =>
{
services.AddShieldXSS(options =>
{
options.EnableXSSProtection = true;
options.EnableSQLInjectionProtection = true;
options.EnableRateLimiting = true;
options.MaxAttempts = 20;
options.TimeWindow = TimeSpan.FromMinutes(1);
options.BlockedResponseMessage = "Access denied by ShieldXSS middleware.";
});
});
web.Configure(app =>
{
app.UseMiddleware<ShieldXSSMiddleware>();
});
⚙️ Configuration Options
EnableXSSProtection — enables XSS pattern detection
EnableSQLInjectionProtection — enables SQL injection detection
EnableRateLimiting — enables IP-based throttling
MaxAttempts — requests allowed per window
TimeWindow — rate-limit window duration
BlockedResponseMessage — message on blocked request
CustomXSSPatterns — additional XSS regex rules
CustomSQLPatterns — additional SQL regex rules
🧪 Attack Testing
XSS examples:
?q=<script>alert(1)</script>
?q=<img src=x onerror=alert(1)>
?q=javascript:alert(1)
?q=document.cookie
SQL injection examples: ?id=1 OR 1=1 ?id=10';DROP TABLE Users-- ?q=UNION SELECT username FROM users ?q=CHAR(65)+CHAR(66)