tags:

views:

20

answers:

1

I'm using an Anti XSS Output encoder similar to the one that Phil Haack put forward here

Unfortunately, it's running rampant over my Site.master and fouling up the meta-tags like so:

<meta name="robots" content="all,&#32;follow" />

And in Site.master it is written simply as:

<meta name="robots" content="all, follow" /> 

Which would be the correct output under normal circumstances, but I'd prefer to be able to skip the meta tags in the site.master.

Is there a way to do this while running your own HttpEncoder?

A: 

I don't think you get that information, but you could try whitelisting allowed values, if you don't have many meta tags like this.

A simplified version would be:

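protected override void HtmlAttributeEncode(string value, TextWriter output)
{
    // value arrives unencoded, so compare against the raw text from Site.master
    if (value != "all, follow")
    {
        output.Write(AntiXss.HtmlAttributeEncode(value));
    }
    else
    {
        // Exact match against a known-safe constant: write it through untouched
        output.Write(value);
    }
}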

Not ideal, but insofar as I can see, HttpEncoder doesn't hand you context.

Craig Stuntz
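
The whitelisting idea from the answer above, extended to several values and with a guard on what may be whitelisted. This is an added example, not code from the answer or from the AntiXSS library. The class name and the sample entries are hypothetical, and it assumes the same `AntiXss` static class the answer calls.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Web.Util;
using Microsoft.Security.Application; // AntiXSS library, as used in the answer

// Hypothetical class name; register it via the encoderType attribute
// of <httpRuntime> in web.config.
public class AllowlistingAntiXssEncoder : HttpEncoder
{
    // Constructed sample entries: raw attribute values exactly as written in Site.master.
    private static readonly HashSet<string> RawAllowed = BuildAllowlist(
        "all, follow",
        "noindex, nofollow");

    private static HashSet<string> BuildAllowlist(params string[] values)
    {
        // Refuse entries containing anything that could close the attribute or
        // start markup or an entity, so a careless addition cannot turn the
        // bypass into an injection point. Fails at type initialization.
        foreach (string v in values)
        {
            if (!v.All(c => char.IsLetterOrDigit(c) || c == ' ' || c == ','))
                throw new ArgumentException("Unsafe allowlist entry: " + v);
        }
        // Ordinal comparison: only a byte-for-byte match skips encoding.
        return new HashSet<string>(values, StringComparer.Ordinal);
    }

    protected override void HtmlAttributeEncode(string value, TextWriter output)
    {
        if (value == null) return;

        if (RawAllowed.Contains(value))
            output.Write(value); // exact match against a vetted constant
        else
            output.Write(AntiXss.HtmlAttributeEncode(value));
    }

    protected override void HtmlEncode(string value, TextWriter output)
    {
        if (value != null)
            output.Write(AntiXss.HtmlEncode(value));
    }
}
```

Because the encoder receives no context, the bypass applies to any attribute on any page whose value exactly equals a listed entry, which is why the entries are restricted to characters that are inert inside a quoted attribute.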