1

I am using AntiXss library 4.0 for encoding text before displaying on the asp page. 

 <asp:Label Text="text" runat="server" ID="lblTest" />

<asp:ListBox runat="server" ID="lsbTest">
</asp:ListBox>

This is the asp code. In the PageLoad I am writing

 lblTest.Text = Encoder.HtmlEncode("test & test");
        lsbTest.Items.Add(new ListItem(Encoder.HtmlEncode("test & test"), Encoder.HtmlEncode("test & test")));

Here, when the text in the label is rendered, it shows & as &, but in the case of Listbox, & is rendered as &amp;. But, I want this to be rendered as & even in listbox. How to do this? Thanks, Ashwani

Ashwani K
  • 7,880
  • 19
  • 63
  • 102

1 Answers1

1

The items in a ListItem are automatically encoded for you. If you have configured the AntiXSS library as default HttpEncoder, you wont have to encode it manually. If you didn't configure it, ASP.NET will use the default (less secure) encoding.

To configure it, read this article.

Steven
  • 166,672
  • 24
  • 332
  • 435
  • Thanks, Can u tell me how to know if a string is encoded or not, so that double encoding can be avoided? – Ashwani K Jan 28 '11 at 13:09
  • That's a total new question, which I don't know the answer to :-). You might try asking this at http://stackoverflow.com/questions/ask. – Steven Jan 28 '11 at 15:06