I'm using AntiXSS as the default engine for my ASP.NET MVC website. The problem is, it encodes Farsi characters like "راهنما". I'm not an expert in security, but I think these characters are fine and won't cause a problem for my website. I was wondering if I could add them to the white-list of this library to let them render normally, not as encoded characters. (same text above shown as "راهنما")
Alireza Noori
- Simply use HttpUtility to encode strings. It is just as secure because it does not leave dangerous characters unencoded. – usr Nov 17 '14 at 09:18
- @usr the problem with that approach is that I have to manually encode every single piece of user output. That way I may miss somewhere. Using AntiXSS library ensures that all the output is going through a white list instead of a black list – Alireza Noori Nov 17 '14 at 09:38
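
The safe-list extension asked about in the question, as an added example that is not part of the original thread. It assumes the AntiXSS 4.x NuGet library (namespace `Microsoft.Security.Application`); the class name `AntiXssSafeListDemo`, the method `AllowArabicScript` and the sample string are constructed for illustration.

```csharp
// Added example; assumes the AntiXSS 4.x library (Microsoft.Security.Application).
using System;
using Microsoft.Security.Application;

public static class AntiXssSafeListDemo
{
    // Call once at startup (for example from Application_Start in Global.asax.cs),
    // before any output is encoded.
    public static void AllowArabicScript()
    {
        // Keep the library's default safe charts and add the Arabic chart
        // (U+0600 to U+06FF), which contains the Farsi letters.
        // No other Unicode range is opened up.
        UnicodeCharacterEncoder.MarkAsSafe(
            LowerCodeCharts.Default | LowerCodeCharts.Arabic,
            LowerMidCodeCharts.None,
            MidCodeCharts.None,
            UpperMidCodeCharts.None,
            UpperCodeCharts.None);
    }

    public static void Main()
    {
        // Constructed sample input: Farsi text followed by markup characters.
        string input = "راهنما <b>x</b> & \"quoted\"";

        // With the default safe list the Farsi letters come out as numeric entities.
        Console.WriteLine(Encoder.HtmlEncode(input));

        AllowArabicScript();

        // Compare the second line of output with the first: the Farsi letters
        // should now pass through, while <, >, & and quotes are still encoded.
        Console.WriteLine(Encoder.HtmlEncode(input));
    }
}
```

Only the script the site actually displays is added to the safe list, so the encoder keeps working as an allow-list for everything else.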