I develop a web application on ASP.NET and I get text data from users and then display this input on the website. While saving data input to the database, I do not encode the input data and write it directly to db.
If the input contains "enter", I do not want to lose line breaks. Therefore, I replace such data: Replace("\r\n", "<br />")
And to prevent an XSS attack before displaying, I encode the data using the Microsoft AntiXSS library's Microsoft.Security.Application.Encoder.HtmlEncode function.
This function also encodes "<br/>", and on the screen I have no line break.
If I first encode using AntiXSS and then replace "\r\n" with "<br/>", I also do not get line breaks, since AntiXSS, I think, removes "\r\n".
If I use Server.HtmlEncode and then replace "\r\n" with "<br/>", then everything will be fine. But I want to use the AntiXSS library, and I don't know how to do it.
Is there a way to print line breaks using the AntiXSS HtmlEncode function?
Thanks.
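One way to keep the line breaks without depending on how a particular encoder treats "\r\n", as an added example that is not part of the original post: split the stored text into lines, encode each line, and join the encoded lines with "<br />", so the only markup in the output is what is inserted after encoding. The class and method names are hypothetical, and System.Net.WebUtility.HtmlEncode stands in for the encoder so the sample runs without extra packages.

```csharp
using System;
using System.Linq;
using System.Net;

public static class MultilineHtml
{
    // Hypothetical helper: encode every line separately, then join the
    // already-encoded lines with <br />. User input never reaches the
    // page unencoded, and the <br /> is added after encoding, so it is
    // not escaped.
    public static string EncodePreservingLineBreaks(
        string input, Func<string, string> htmlEncode)
    {
        if (string.IsNullOrEmpty(input))
        {
            return string.Empty;
        }

        // Accept Windows (\r\n), Unix (\n) and bare \r line endings.
        // "\r\n" is listed first so it is matched as one separator.
        string[] lines = input.Split(
            new[] { "\r\n", "\n", "\r" }, StringSplitOptions.None);

        return string.Join("<br />", lines.Select(htmlEncode));
    }

    public static void Main()
    {
        // Constructed sample input: three lines, one containing markup.
        string stored = "first line\r\n<b>not bold</b> & more\r\nlast line";

        // Stand-in encoder (assumption for a runnable sample). In the
        // application, pass the AntiXSS function named in the question:
        //   Microsoft.Security.Application.Encoder.HtmlEncode
        string html = EncodePreservingLineBreaks(stored, WebUtility.HtmlEncode);

        Console.WriteLine(html);
    }
}
```

Because the encoder is passed in as a delegate, the same helper works with Server.HtmlEncode or the AntiXSS encoder without changing the line-break handling.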