AntiXss vs XSLT

Jul 13, 2011 at 1:55 AM

I have couple really big XSLT stylesheets that convert XML into HTML. I'm looking for elegant way of using AntiXss.HtmlEncode during XSLT transformation.
If I correclty understand how the XSLT transformation works it always encodes by default output of nodes xsl:value-of and xsl:text. So if I want to use AntiXss encoding I have two ways:
1. Encode all text nodes before transformation and set disable-output-escaping="true" for all xsl:value-of/text nodes.
2. Add extensibility object and call it method from inside each xsl:value-of/select node. Inside this method decode input string and then encode it with AntiXss method.

Maybe I missed third way that is more straightforward. Like changing default output encoder XsltTransform uses for transformation.