Json XmlDocument serialization
in an aspx, I am using Newtonsoft.Json.JsonConvert.SerializeXmlNode to
serialize an XmlDocument to a string. This string is then written to the
Response output for the page.
Problems can occur if any of the data contains "script" tags - which could
be a simple "alert" box, or something more sinister.
Is it possible to tell the Json serializer to "html-encode" the data it
creates, so the receiving browser does not interpret any of the string as
a command to execute?
Thanks.
No comments:
Post a Comment