3

Closed

AntiXss not encoding

description

Hi,
 
I am using the latest v4.0. I have:
 
Closed Jun 3, 2014 at 12:48 AM by bdorrans

comments

bdorrans wrote Apr 2, 2011 at 3:34 AM

AntiXSS's HTML encode doesn't encode apostrophes by default, unlike the .NET encoder which started doing this in 4.0 - the HTML spec says it doesn't have to, but, if you use HtmlEncode where you should use HtmlAttributeEncode then this can be a problem. This will be fixed in the next release so the HtmlEncode will encode apostrophes.

wrote Sep 29, 2011 at 5:59 PM

wrote Jun 8, 2012 at 1:07 PM

wrote Feb 22, 2013 at 12:07 AM

wrote Jun 3, 2014 at 12:48 AM

wrote Jun 3, 2014 at 12:48 AM