I've downloaded and looked at the Microsoft AntiXSS library, but I'm not 100% sure I need to use it for server controls (asp:textbox, etc). Everything is fine when I use it with a standard html control (input, etc). It looks like the output is encoded twice when I use the antixss lib on the server controls.
I'm currently only using the antixss lib for the standard html controls. Am I protected from cross site scripting by using the server controls and is this the best practice?