The HttpUtility class provides for both encoding and decoding. But when I use the MS AntiXSS 3.1 Library, I have a set of methods only for encoding. Does this mean decoding can be avoided?
For example:
Before applying AntiXSS:
lblName.Text = "ABC" + "<script> alert('Inject'); </script>";
After applying AntiXSS:
lblName.Text = AntiXss.HtmlEncode("ABC" + "<script> alert('Inject'); </script>");
So, after applying the encoding, the HTML tags show up in my Label control.
Is this the desired outcome?
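
The encode-on-output behaviour asked about above, as an added example that is not part of the original post and is not the AntiXSS library's code. AllowListHtmlEncode is a hypothetical, simplified allow-list encoder written for this illustration, and WebUtility.HtmlDecode stands in for the character-reference decoding a browser performs when it renders text.

```csharp
using System;
using System.Net;
using System.Text;

static class EncodeOnOutputDemo
{
    // Hypothetical helper (assumption, not the library's implementation):
    // letters, digits and a few punctuation marks pass through unchanged;
    // every other character becomes a numeric character reference.
    // Works per UTF-16 code unit, which is enough for the ASCII sample below.
    static string AllowListHtmlEncode(string input)
    {
        var sb = new StringBuilder(input.Length * 2);
        foreach (char c in input)
        {
            bool safe = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                        (c >= '0' && c <= '9') || c == ' ' || c == '.' ||
                        c == ',' || c == '-' || c == '_';
            if (safe) sb.Append(c);
            else sb.Append("&#").Append((int)c).Append(';');
        }
        return sb.ToString();
    }

    static void Main()
    {
        // Constructed input with the same shape as the value in the question.
        string untrusted = "ABC<script> alert('Inject'); </script>";

        // What the server writes into the page: no literal angle brackets.
        string encoded = AllowListHtmlEncode(untrusted);
        Console.WriteLine("Sent in the page:      " + encoded);
        Console.WriteLine("Literal '<' in output: " + encoded.Contains("<"));

        // The browser resolves the references while rendering, so the user
        // reads the original characters as inert text, not as markup.
        string decoded = WebUtility.HtmlDecode(encoded);
        Console.WriteLine("Shown to the user:     " + decoded);
        Console.WriteLine("Same as the input:     " + (decoded == untrusted));

        // Writing 'decoded' to the response instead of 'encoded' would put
        // the tag back into the markup, so output is encoded and never
        // decoded on the server before it is written.
        Console.WriteLine("Decoded has live tag:  " + decoded.Contains("<script>"));
    }
}
```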