I would like to confirm that the security of ASP.NET XSS has been tightened considerably with .NET 4.0. I ask this as we have had a number of issues with our production application on moving from .NET 2 to .NET 4.0. Not catastrophic issues but something we had not experienced before. The application is web based. Our older .NET 2.0 version has been in the market place for a number of years therefore has legacy information loaded into the database. We recently have upgraded the application and also it now runs on .NET 4.0. Some legacy data users have entered contains the < and > symbols. This of course causes an error/warning when the page is rendered using these items. This is not a bad thing and we can very easily work around this by working with our clients who have this issue. BUT if I state that our new environment is now more secure and the move to .NET 4.0 has improved this security I would like to know that this is a true statement, not a lie.Mark Murray Technical Support Manager Tax & Accounting

For this kind of questions, please discuss in our MSDN forum. .NET 4: Windows Workflow Foundation http://social.msdn.microsoft.com/Forums/en-US/wfprerelease/threads Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

This has already been moved to this area. I have discovered that the upgrade has caused better security so I will close this thread.Mark Murray Technical Support Manager Tax & Accounting