TechQA.

Strange results when using AntiXss.HtmlEncode

812 views Asked by At

I am trying to limit XSS attacks to a site, and am using the AntiXss Library to encode any untrusted strings before including in the response.

AntiXssEncoder.HtmlEncode(_Title, False)

My database value looks like this - If There's a Fire, which after being encoded shows the html code on screen. Strangely the source code also contains the html code with amp;#39; but browsers shows it as text rather than the correct character.

What am I doing wrong?

.net encoding antixsslibrary
Original Q&A
2

There are 2 answers

0
DavidB On

The issue was because the value was being encoded twice

0
Aki On

First,

Properly decode previously Encode values using WebUtility.HtmlDecode(HTMLEncodedValue);

then, If you are showing values in some HTML control like table data<td></td>, use controlID.innerHtml instead of controlID.innerText.

Kindly revert with more details, if it does not help you.

Related Questions in .NET

Related Questions in ENCODING

Related Questions in ANTIXSSLIBRARY

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions