Scott Guthrie recently wrote about the new <%: %> syntax for HTML encoding output in ASP.NET 4. I also covered the topic of HTML encoding code nuggets in the past as well providing some insight into our design choices for the approach we took. A commenter to Scott’s blog post asked, Will it be possible to extend this so that is uses libraries like AntiXSS instead? See: http://antixss.codeplex.com/ The answer is yes!ASP.NET 4 includes a new extensibility point which allows you to replace the default encoding logic with your own anywhere ASP.NET does encoding. Read more: haacked
Subscribe to:
Post Comments (Atom)
Posts
0 comments:
Post a Comment