<p>The <code>HttpUtility</code> class provides for both encoding and decoding. But, when I use the MS AntiXSS 3.1 Library I have a set of methods only for encoding, does this mean decoding can be avoided?</p> <p>For example</p> <p>Before applying AntiXSS:</p> <pre class="prettyprint"><code>lblName.Text = "ABC" + "<script> alert('Inject'); </script"; </code></pre> <p>After applying AntiXSS:</p> <pre class="prettyprint"><code>lblName.Text = AntiXSS.HTMLEncode("ABC" + "<script> alert('Inject'); </script"); </code></pre> <p>So, after applying the encoding, the HTML tags show up in my Label control.</p> <p>Is this the desired outcome?</p>

Microsoft AntiXSS - Is there a need to Decode?

The HttpUtility class provides for both encoding and decoding. But, when I use the MS AntiXSS 3.1 Library I have a set of methods only for encoding, does this mean decoding can be avoided?

For example

Before applying AntiXSS:

lblName.Text = "ABC" + "<script> alert('Inject'); </script";

After applying AntiXSS:

lblName.Text = AntiXSS.HTMLEncode("ABC" + "<script> alert('Inject'); </script");

So, after applying the encoding, the HTML tags show up in my Label control.

Is this the desired outcome?

You can use the HttpUtility.HtmlDecode method to decode AntiXss encoded text (or any encoded text). No explicit AntiXss decode is required.

Microsoft AntiXSS - Is there a need to Decode?

Tags:

c#

asp.net

html-encode

antixsslibrary

GilliVilla

1 Answers

Brody

Recent Activity

Donate For Us

Microsoft AntiXSS - Is there a need to Decode?

Tags:

c#

asp.net

html-encode

antixsslibrary

GilliVilla

1 Answers

Brody

Related questions

Recent Activity

Donate For Us