Anti XSS 4.3.0 encode valid characters

  • Question

  • Hi,

    Is it possible to escape a particular character from encoding?

    I am using Encode.HtmlEncode() method provided in AntiXSS Library 4.3.0 to encode user input.

    It is encoding "&" which we don't want to encode.

    Please provide any solution if any.

    Thank you!!!
    • Moved by CoolDadTx Wednesday, November 20, 2019 2:59 PM ASP.NET related
    Monday, November 18, 2019 4:52 AM

All replies

  • Hi Durgesh,

    Thank you for posting here.

    As far as I know, the & symbol should belong to LowerCodeCharts.BasicLatin, but I don't know why it failed.

    Finally I had to give up Microsoft.Security.Application and use System.Web.HttpUtility instead.

    This class is easy to use and seems to be more comprehensive.

    This is my code:

    using System;
    using System.IO;
    using System.Web;

    string str = "Βρε&&";
    // Encode with System.Web.HttpUtility; each "&" becomes "&amp;".
    string data = HttpUtility.HtmlEncode(str);

    StringWriter myWriter = new StringWriter();
    // Decode the encoded string.
    HttpUtility.HtmlDecode(data, myWriter);
    string myDecodedString = myWriter.ToString();
    Console.WriteLine($"Decoded string of the above encoded string is: {myDecodedString}");
    

    Hope this could be helpful.

    Best Regards,

    Timon


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, November 19, 2019 2:51 AM
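
Added example, not part of the thread or of either library: it compares full HTML encoding with a variant that leaves "&" unencoded, and checks whether a browser-style single decode gives back what the user typed. `EncodeExceptAmpersand` is a hypothetical helper, the inputs are constructed samples, and `System.Net.WebUtility` is used so the program runs without a reference to System.Web.

```csharp
using System;
using System.Net;

static class AmpersandDemo
{
    // Hypothetical helper: HTML-encodes the input but puts "&" back,
    // which is the behaviour requested in the question.
    static string EncodeExceptAmpersand(string raw) =>
        WebUtility.HtmlEncode(raw).Replace("&amp;", "&");

    // Approximates what a browser does with text content: decode entities once.
    static string Rendered(string html) => WebUtility.HtmlDecode(html);

    static void Report(string label, string raw, string encoded)
    {
        string shown = Rendered(encoded);
        Console.WriteLine($"  {label}: {encoded}");
        Console.WriteLine($"    displayed as: {shown}");
        Console.WriteLine($"    matches input: {shown == raw}");
    }

    static void Main()
    {
        // Constructed sample inputs: two with a bare "&", two where the
        // user's own text happens to look like an HTML entity.
        string[] inputs =
        {
            "Tom & Jerry",
            "Βρε&&",
            "type &lt; for less-than",
            "&copy; 2019",
        };

        foreach (string raw in inputs)
        {
            Console.WriteLine($"input: {raw}");
            // Full encoding turns "&" into "&amp;", so the later decode
            // cannot confuse user text with an entity.
            Report("full encoding   ", raw, WebUtility.HtmlEncode(raw));
            // With "&" left alone, entity-like user text is decoded on
            // display and no longer matches what was typed.
            Report("'&' left as-is  ", raw, EncodeExceptAmpersand(raw));
        }
    }
}
```

The encoded "&amp;" is displayed as a plain "&", so encoding it at output time does not change what the reader sees; the encoded form only becomes visible when the value is encoded twice or stored in encoded form.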
  • Hi,

    Thanks for your reply!!

    I did try to use the System.Web.HttpUtility.HtmlEncode() method to encode user input, but it is behaving in the same manner as the Microsoft.Security.Application.Encoder.HtmlEncode() method.

    It is encoding &.

    Please suggest solution if any.

    Thank you!!!

    Tuesday, November 19, 2019 6:26 AM
  • Hi Durgesh,

    Thanks for your feedback.

    If my previous reply didn't help, there is nothing I can do for you.

    I am not very familiar with this; maybe you can go to the ASP.NET Forums to ask this question. They may be able to provide more help.

    Best Regards,

    Timon



    Tuesday, November 19, 2019 6:40 AM