
ASP.NET controls and AntiXss


I'm doing some AntiXSS work. The user inputs some text which is then put through

Microsoft.Security.Application.Encoder.HtmlEncode();

and saved to the database.

This text can then be displayed in either a label or a textbox.

If I put the encoded text into the text property of a label it displays fine. If I assign it to the text property of a textbox it's displayed in its encoded form.

How can I display the text correctly in the textbox and the label? Does the library offer any decode mechanisms?

Because of project requirements I cannot change either the library or the fact that it's encoded on the input.


Solution

  • You can use Server.HtmlDecode or HttpUtility.HtmlDecode.
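
Why the two controls differ and where the decode belongs, as an added example that is not part of the original question or answer. `RenderLabel` and `RenderTextBox` are hypothetical, simplified models of how the Web Forms controls write their `Text` (a Label emits it as-is, a TextBox encodes it itself), `HttpUtility.HtmlEncode` stands in for the AntiXSS `Encoder.HtmlEncode` call, and the input string is constructed.

```csharp
using System;
using System.Web; // HttpUtility

static class EncodedTextDemo
{
    // Simplified model (assumption): Label writes Text into the markup unchanged.
    static string RenderLabel(string text) => "<span>" + text + "</span>";

    // Simplified model (assumption): TextBox HTML-encodes Text itself when it
    // writes the value attribute.
    static string RenderTextBox(string text) =>
        "<input type=\"text\" value=\"" + HttpUtility.HtmlAttributeEncode(text) + "\" />";

    static void Main()
    {
        // Constructed sample input containing markup characters.
        string userInput = "<b>Tom & Jerry</b>";

        // Stand-in for Microsoft.Security.Application.Encoder.HtmlEncode,
        // applied once at input time and saved to the database.
        string stored = HttpUtility.HtmlEncode(userInput);

        // Label: the stored value is encoded exactly once, so the browser
        // displays the user's original characters as text.
        Console.WriteLine("Label, stored value:    " + RenderLabel(stored));

        // TextBox: the control encodes again, so the entities themselves are
        // shown to the user (the symptom described in the question).
        Console.WriteLine("TextBox, stored value:  " + RenderTextBox(stored));

        // TextBox: decode first, then let the control apply its own encoding.
        string decoded = HttpUtility.HtmlDecode(stored);
        Console.WriteLine("TextBox, decoded value: " + RenderTextBox(decoded));

        // Label: do not decode here. The raw markup would go back into the
        // page unencoded, undoing the protection applied at input time.
        Console.WriteLine("Label, decoded value:   " + RenderLabel(decoded));
    }
}
```

Compare the second and third lines of output to see the double encoding and its fix; the fourth line shows why the decode should be applied only on the TextBox path.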