Using AntiXSS as the default ASP.NET encoder

Microsoft AntiXSS Library


.NET 4.0 introduced the ability to replace the default encoding routines in the core .NET Framework libraries with any external library that implements System.Web.Util.HttpEncoder. AntiXSS 4.1 now provides an implementation of this class, which allows you to use AntiXSS as the default encoder in both MVC and WebForms.

To configure AntiXSS as the default encoder, ensure you have added the .NET 4.0 version of the library to your application. You must also add an encoderType attribute to the httpRuntime section in your web.config:

<httpRuntime encoderType="Microsoft.Security.Application.AntiXssEncoder, AntiXssLibrary"/>
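If the encoderType attribute is absent from the deployed web.config, ASP.NET silently keeps using the framework encoder. The following startup check is an added example, not code from the AntiXSS library or this page; the class name Global, the helper name and the error text are assumptions. It fails fast when AntiXssEncoder is not the active encoder:

```csharp
using System;
using System.Web;
using System.Web.Util;
using Microsoft.Security.Application;

// Global.asax.cs -- the class name "Global" is an assumption for this example.
public class Global : HttpApplication
{
    protected void Application_Start(object sender, EventArgs e)
    {
        EnsureAntiXssIsDefaultEncoder();
    }

    // HttpEncoder.Current is the encoder that HttpUtility.HtmlEncode and
    // Server.HtmlEncode delegate to. When <httpRuntime> carries no
    // encoderType attribute it is the framework's built-in HttpEncoder,
    // so a type check is enough to detect a missing setting.
    private static void EnsureAntiXssIsDefaultEncoder()
    {
        HttpEncoder active = HttpEncoder.Current;

        if (!(active is AntiXssEncoder))
        {
            // Refuse to start rather than serve pages through an encoder
            // the application was not reviewed against.
            throw new InvalidOperationException(
                "Expected AntiXssEncoder as the default encoder but found " +
                active.GetType().FullName +
                ". Check the encoderType attribute on <httpRuntime> in web.config.");
        }
    }
}
```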
