Scott Guthrie recently wrote about the new <%: %> syntax for HTML encoding output in ASP.NET 4. I also covered the topic of HTML encoding code nuggets in the past as well providing some insight into our design choices for the approach we took.
A commenter to Scott’s blog post asked,
Will it be possible to extend this so that is uses libraries like AntiXSS instead? See: http://antixss.codeplex.com/
The answer is yes!
ASP.NET 4 includes a new extensibility point which allows you to replace the default encoding logic with your own anywhere ASP.NET does encoding.
Read more: haacked
Posts
