ShieldXSS 1.0.3

.NET 8.0

dotnet add package ShieldXSS --version 1.0.3

NuGet\Install-Package ShieldXSS -Version 1.0.3

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="ShieldXSS" Version="1.0.3" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

<PackageVersion Include="ShieldXSS" Version="1.0.3" />
                    

                            Directory.Packages.props

<PackageReference Include="ShieldXSS" />
                    

                            Project file

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.

paket add ShieldXSS --version 1.0.3

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: ShieldXSS, 1.0.3"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#:package ShieldXSS@1.0.3

#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.

#addin nuget:?package=ShieldXSS&version=1.0.3
                    

                            Install as a Cake Addin

#tool nuget:?package=ShieldXSS&version=1.0.3
                    

                            Install as a Cake Tool

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

🛡️ ShieldXSS – ASP.NET Core Security Middleware

ShieldXSS is a lightweight, fast, and simple security middleware for ASP.NET Core (.NET 8/10) that provides essential protection against malicious input.
It is designed to be small, dependency-free, and extremely easy to integrate.

🚀 Features

✔️ XSS detection (regex-based)
✔️ SQL injection detection
✔️ IP-based rate limiting
✔️ Automatic security headers
✔️ Custom XSS / SQL patterns
✔️ Zero external dependencies
✔️ Optimized performance (LINQ-free hot path)

📦 Installation

.NET CLI

dotnet add package ShieldXSS

Package Manager

Install-Package ShieldXSS

Quick Start

1. Register ShieldXSS in Program.cs

builder.Services.AddShieldXSS(options =>
{
    options.EnableXSSProtection = true;
    options.EnableSQLInjectionProtection = true;

    options.EnableRateLimiting = true;
    options.MaxAttempts = 5;
    options.TimeWindow = TimeSpan.FromMinutes(1);

    options.BlockedResponseMessage = "Request blocked for security reasons";
});

2. Add the middleware

Use UseShieldXSS in the ASP.NET pipeline:

app.UseShieldXSS();

Usage with ConfigureServices / Configure

web.ConfigureServices(services =>
{
    services.AddShieldXSS(options =>
    {
        options.EnableXSSProtection = true;
        options.EnableSQLInjectionProtection = true;
        options.EnableRateLimiting = true;
        options.MaxAttempts = 20;
        options.TimeWindow = TimeSpan.FromMinutes(1);
        options.BlockedResponseMessage = "Access denied by ShieldXSS middleware.";
    });
});

web.Configure(app =>
{
    app.UseMiddleware<ShieldXSSMiddleware>();
});

⚙️ Configuration Options

EnableXSSProtection — enables XSS pattern detection
EnableSQLInjectionProtection — enables SQL injection detection
EnableRateLimiting — enables IP-based throttling
MaxAttempts — requests allowed per window
TimeWindow — rate-limit window duration
BlockedResponseMessage — message on blocked request
CustomXSSPatterns — additional XSS regex rules
CustomSQLPatterns — additional SQL regex rules

🧪 Attack Testing

XSS examples:
?q=<script>alert(1)</script>
?q=<img src=x onerror=alert(1)>
?q=javascript:alert(1)
?q=document.cookie

SQL injection examples:
?id=1 OR 1=1
?id=10';DROP TABLE Users--
?q=UNION SELECT username FROM users
?q=CHAR(65)+CHAR(66)

Rate limiting test (CMD):
for /l %i in (1,1,20) do curl "http://localhost:51179/"

Rate limiting test (PowerShell):
1..20 | % { curl "http://localhost:51179/" }

Expected:
First 5 → 200 OK
After limit → 403 Forbidden

🔐 Security Headers

X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src 'self'

⚡ Performance

Low latency
Thread-safe rate limiting
Minimal allocations
Precompiled regex
LINQ-free hot path

📝 License

MIT License — see LICENSE.

👤 Maintainer

Created and maintained by Amelia Keki
https://github.com/ameliagherdan/ShieldXSS/issues

Product	Compatible and additional computed target framework versions.
.NET	net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed.

Product

.NET

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

net8.0
- Microsoft.Extensions.Logging.Abstractions (>= 8.0.0)

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last Updated
1.0.3	556	12/1/2025