AppSec Blog: Author - James Jardine

ASP.Net 4: Change the Default Encoder

In ASP.Net 4.0, Microsoft added the ability to override the default encoder. The change applies specifically to the HtmlEncode, HtmlAttributeEncode, and UrlEncode functionality. From a security perspective, these functions are used to help mitigate cross-site scripting (XSS). The problem with the built-in .Net routines is that they are built on a black-list methodology, …