问题
I am developing web application on ASP.NET and I am getting textarea input from users and later display this input on website. While saving input into database I am not encoding input and directly write them into db.
If input contains "enter" I don't want to lose line breaks. So I am replacing data like that:
Replace("\r\n", "<br />")
And to prevent XSS attack before displaying I am encoding data using Microsoft's AntiXSS library's Microsoft.Security.Application.Encoder.HtmlEncode function.
This function also encodes "<br/>" and on screen I don't have any line break.
If I encode first with AntiXSS and then replace "\r\n" with "<br/>" I am not getting any line break as well, since AntiXSS I think removes "\r\n".
If I use Server.HtmlEncode and then replace "\r\n" with "<br/>" then everything is fine. But I want to use AntiXSS library and I don't know how to achieve this.
Is there any way to print line breaks using AntiXSS HtmlEncode function?
Thanks
来源:https://stackoverflow.com/questions/10665549/antixss-htmlencode-textarea-line-break-loss