So, in my application, i do have rich textbox, and i do wonder what is safer to use:[*]An bbcode rich textbox with bbcode parser,or[*]A rich textbox with html encoded tags, and validation with microsoft's antixss sanitizerI think that first approach is a bit harder to implement, because i would need to write a custom bbcode validator/sanitizer.So, which method would you use, and why?
ASP MVC 4 - security issue about using bbcode parser vs antiXSS library
- Thread starter jojo
- Start date