Using microsoft AntiXss cross site script encoder to encode standard input controls on an ASP .NET page
-
Hello, I have been assigned the task of using the microsoft AntiXss library to encode all of the input text controls on several asp .net web pages. I was told to use the EncodeHTML method to assign/retreve values to (textboxes, listboxes, etc.) After inspecting the EncodeHTML it looks like it is only used with streaming html sent out the Request object and not used for accessing control text in the code behind. Can someone explain to me if you can access asp textboxes .text values in the code behind, without using the Request object, like is usually the norm. Also, A decission has been made to do away with all query strings of the application and store everything in session. Is this the best way to go because not only are query strings used in the code behind but also in the javascript. If there are security issues with the query strings could not the AntiXss library help here instead of for asp form textboxes? Any advise and examples of using the AntiXSS with standard asp controls would be great! Thanks, Steve Holdorf