I am really confused about whether or not I should be using Microsoft's AntiXSS library to encode my HTML, instead of HttpUtility's HTMLEncode method.

Looking here, the answer would be a resounding yes, with lots of good reasons provided, but then you go to the Codeplex page and see lots of bad reviews, with basically everybody saying it is broken, and I see it hasn't been updated in two years.

What's going on here? Has HttpUtility's HTMLEncode method been improved, making it as secure? Has this library been replaced with something else?

What should you be using in 2014 to securely encode HTML in .NET?

Thanks

JMK

1 Answer

I believe you should use it. As of .NET 4.5, Microsoft has even added it to their framework as `System.Web.Security.AntiXss`. Also note that the reviews for the link are for an older version of the AntiXss library. Hopefully some of those issues have been resolved in the 4.3 version.

Chris
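
A side-by-side check of the two encoders discussed above, as an added example that is not part of the original question or answer. It assumes .NET Framework 4.5 or later with a reference to System.Web.dll; the class name and the sample strings are constructed for illustration.

```csharp
// Added example: compares HttpUtility.HtmlEncode with AntiXssEncoder.HtmlEncode.
// Assumption: .NET Framework 4.5+ console project referencing System.Web.dll.
using System;
using System.Text;
using System.Web;                    // HttpUtility
using System.Web.Security.AntiXss;   // AntiXssEncoder (in the framework since 4.5)

static class EncoderComparison
{
    // Constructed inputs: markup, quote characters used to leave an
    // attribute value, an ampersand, non-ASCII text, and a harmless control.
    static readonly string[] Samples =
    {
        "<script>alert(1)</script>",
        "\" onmouseover=\"x",
        "' onfocus='x",
        "Tom & Jerry",
        "caf\u00e9 \u4f60\u597d",
        "plain text 123"
    };

    static void Main()
    {
        Console.OutputEncoding = Encoding.UTF8;

        foreach (string input in Samples)
        {
            string framework = HttpUtility.HtmlEncode(input);
            // Second argument false: emit numeric entities rather than named ones.
            string antiXss = AntiXssEncoder.HtmlEncode(input, false);

            Console.WriteLine("input       : " + input);
            Console.WriteLine("HttpUtility : " + framework);
            Console.WriteLine("AntiXss     : " + antiXss);
            Console.WriteLine("identical   : " + (framework == antiXss));

            // Encoding must be lossless: decoding should give back the input.
            bool roundTrips = HttpUtility.HtmlDecode(antiXss) == input;
            Console.WriteLine("round-trips : " + roundTrips);
            Console.WriteLine();
        }
    }
}
```

In ASP.NET 4.5 the `encoderType` attribute of `<httpRuntime>` in web.config can name `System.Web.Security.AntiXss.AntiXssEncoder`, which routes the framework's own encoding calls through it.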