I want to use Microsofts WPL AntiXSS Library as default HTTPEncoder as described at haacked but this documentation is for WPL 3.1 and I've read that there is a change regarding HTTPEncoder with latest WPL 4.0. What is the best way to implement it so that all input fields are automatically encoded? Thanks!
Asked
Active
Viewed 1,028 times
2 Answers
1
The most inportant change in this context seems to be that if you pass a null as the value for encoding function the function will return null (previous behavior was to return String.Empty). The System.IO.TextWriter will handle nulls properly, so everything should work as expected.
tpeczek
- 23,867
- 3
- 74
- 77
-
So i could embed also AntiXSS 4.0 as described above for 3.1, right? – K232 Apr 07 '11 at 11:46
-
@K232 Right, AntiXSS 4.0 shouldn't require any changes – tpeczek Apr 07 '11 at 12:05
1
The only change is in the class names, they were renamed to Encoder.whatever in 4.0. If you use Phil's code you'll get a bunch of obsolete warnings.
In 4.1 I will finally have a built in class to allow use as a default encoder, but I don't have a ship date yet I'm afraid.
blowdart
- 55,577
- 12
- 114
- 149
-
I tried to translate the code from haacked from c# to vb.net but without success. It says "Inherits HTTPEncoder" but "HTTPEncoder" is unknown. The AntiXSS DLL 4.0 is listed in my references.... ? – K232 Apr 07 '11 at 22:56
-
That's coming from .NET, not AntiXSS. Are you sure you're targetting v4 of the framework? – blowdart Apr 08 '11 at 00:41
-
Yes, was 3.5, many thanks!! Now I've selected 4.0 and it works. But now I have a problem at '
': When I start the application it always says: Unhandled Win32 exception....? – K232 Apr 08 '11 at 22:54 -