We are currently using System.Web.Security.AntiXss.AntiXssEncoder to do some automatic encoding of values being written. We developed some additional functionality for more strict encoding. This is currently being handled via wrappers on the individual values. It would be better to wrap all the inputs in the code without specifically having to write in the code each time it could be needed.
Can I override System.Web.Security.AntiXss.AntiXssEncoder with a new class and add it to the web config? Is it as simple updating the httpRuntime configuration with the new class name?
Is there an additional section of the web.config I should look at?
Is there a better way to add additional encoding functionality?
question from:
https://stackoverflow.com/questions/65927891/how-can-i-override-the-xss-preventions-for-asp-net-forms-4-7 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
