When do you call Microsoft.Security.Application.AntiXss.HtmlEncode? Do you do this when the user transmits information, or do you do it when you display information?
What about basic things like first name, last name, city, state, zip code?
You do this when you display information. Save the original as it was entered, and convert it when displaying it on the web page. Suppose you output it some other way, for example, exporting it to Excel. In that case, you want to export the saved original.
Encode each line.
, , . , , . : "us" , "ss" .
usFirstName = getUserInput('firstName');
ssFirstName = cleanString(usFirstName);
. , HTML, , , , .
, , . , Microsoft AntiXss, homebrew, HTML- .
, , HTML, HTTP, .. - , , . , ASP.NET , System.Web.UI.WebControls.Button, , System.Web.UI.WebControls.Literal Text. jQuery , .innerText(), , .innerHtml().
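An added example (not code from the original page) of the advice above: store the value as entered and encode only when writing it into HTML, while an export uses the stored original. The `Person` type and helper names are hypothetical, and `System.Net.WebUtility.HtmlEncode` stands in for `Microsoft.Security.Application.AntiXss.HtmlEncode`.

```csharp
using System;
using System.Net; // WebUtility.HtmlEncode: framework encoder used here as a stand-in

// Hypothetical record: holds each value exactly as the user typed it.
public sealed class Person
{
    public string FirstName { get; }
    public string City { get; }
    public Person(string firstName, string city) { FirstName = firstName; City = city; }
}

public static class Views
{
    // HTML output: encode at the moment the value is written into markup.
    public static string RenderHtmlRow(Person p) =>
        "<tr><td>" + WebUtility.HtmlEncode(p.FirstName) + "</td><td>" +
        WebUtility.HtmlEncode(p.City) + "</td></tr>";

    // CSV export: starts from the stored original; only CSV's own quoting applies.
    public static string RenderCsvRow(Person p) =>
        CsvField(p.FirstName) + "," + CsvField(p.City);

    private static string CsvField(string s) =>
        "\"" + s.Replace("\"", "\"\"") + "\"";
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample input, stored unmodified.
        var stored = new Person("Anne & <b>Lee</b>", "O'Fallon");
        Console.WriteLine(Views.RenderHtmlRow(stored)); // markup-safe row
        Console.WriteLine(Views.RenderCsvRow(stored));  // original text in the export

        // Anti-pattern for comparison: encoding when the input arrives.
        var encodedOnInput = new Person(
            WebUtility.HtmlEncode("Anne & <b>Lee</b>"),
            WebUtility.HtmlEncode("O'Fallon"));
        // The HTML row is now encoded twice, so entities show up as literal text,
        // and the CSV export carries HTML entities it has no use for.
        Console.WriteLine(Views.RenderHtmlRow(encodedOnInput));
        Console.WriteLine(Views.RenderCsvRow(encodedOnInput));
    }
}
```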
Source: https://habr.com/ru/post/1699548/