There is an unsaved comment in progress. You will lose your changes if you continue. Are you sure you want to reopen the work item?
Anti-Xss Module configuration file does not work properly
I have a site (.Net 3.5) where I want to use the Anti-Xss module. I was looking at the code and I've seen that it has a lot of "span" tag that are runat server. While doing my test, I used the default configuration file (antixssmodule.config)
having almost all controls inside the config. It was still showing the html as html. Then I tried to add the following line inside the config file:
<ControlEncodingContext FullClassName="System.Web.UI.HtmlControls.HtmlGenericControl" PropertyName="InnerHtml" EncodingContext="Html" />
Because "span" is a "HtmlGenericControl", I was pretty sure that would work but it doesn't. Is there any reason why it would not work?
Thank you in advance.