@hungtran-it
Created June 22, 2013 07:54
AntiXss
To configure ASP.NET to use deferred request validation, update the httpRuntime
requestValidationMode attribute in web.config to 4.5:
<httpRuntime requestValidationMode="4.5" />
When deferred request validation is enabled, the validation process is triggered
the first time the application reads a request collection (e.g., Request.Form["post_content"]).
To skip the input validation for a specific read, use the HttpRequest.Unvalidated() helper
method to access an unvalidated collection:
using System.Web.Helpers;
var data = HttpContext.Request.Unvalidated().Form["post_content"];
Microsoft has included a portion of the popular Microsoft Anti-XSS Library in
ASP.NET 4.5. The encoding features are part of the AntiXssEncoder class, which is in
the System.Web.Security.AntiXss namespace. The library can be used directly by calling
one of the static encoding methods in the AntiXssEncoder class.
An easy way to utilize the new anti-XSS functionality is to set up an ASP.NET web
application to use the class by default. This is done by setting the encoderType in
web.config to AntiXssEncoder. When this is turned on, all output encoding will automatically
use the new XSS encoding functionality:
<httpRuntime ...
encoderType="System.Web.Security.AntiXss.AntiXssEncoder,System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
Here are the features from the Anti-XSS library included in ASP.NET 4.5:
• HtmlEncode, HtmlFormUrlEncode, and HtmlAttributeEncode
• XmlAttributeEncode and XmlEncode
• UrlEncode and UrlPathEncode (new to ASP.NET 4.5!)
• CssEncode
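The pattern the notes above describe, reading the raw field through the unvalidated collection under deferred request validation and then encoding on output with the encoder that matches each HTML context, as an added example (not code from the gist or from Microsoft's library documentation). It assumes a .NET 4.5 project referencing System.Web.dll and uses the HttpRequest.Unvalidated property from that assembly instead of the System.Web.Helpers extension method shown above; the untrusted input string is constructed for illustration, and the post_content field name is the one used in the gist.

```csharp
// Added example (not part of the gist): context-specific output encoding with
// System.Web.Security.AntiXss.AntiXssEncoder, which ships in System.Web.dll in .NET 4.5.
// Build as a console application that references System.Web.dll.
using System;
using System.Web;
using System.Web.Security.AntiXss;

static class AntiXssDemo
{
    // Constructed untrusted input standing in for what a user might submit in post_content.
    public const string Untrusted = "<img src=x onerror=alert(1)> \"quoted\" 'single' & more";

    // With requestValidationMode="4.5", reading Request.Form would trigger request
    // validation and throw on markup. Reading through Unvalidated skips that check for
    // this one field, so the raw value can be stored and encoded later at output time.
    public static string ReadPostContent(HttpRequest request)
    {
        return request.Unvalidated.Form["post_content"] ?? string.Empty;
    }

    // Render the same untrusted value into several contexts, each with the encoder that
    // matches that context. Using one encoder everywhere (for example HtmlEncode inside a
    // URL query string or a style attribute) is the usual source of residual XSS.
    public static string RenderComment(string raw)
    {
        string body     = AntiXssEncoder.HtmlEncode(raw, useNamedEntities: false); // element content
        string attr     = AntiXssEncoder.HtmlAttributeEncode(raw);                 // quoted attribute value
        string urlParam = AntiXssEncoder.UrlEncode(raw);                           // query-string parameter
        string css      = AntiXssEncoder.CssEncode(raw);                           // value inside a style attribute

        return
            "<div class=\"comment\" title=\"" + attr + "\">" + body + "</div>\n" +
            "<a href=\"/search?q=" + urlParam + "\">search</a>\n" +
            "<span style=\"font-family:" + css + "\">styled</span>";
    }

    static void Main()
    {
        // No HttpRequest is available in a console app, so encode the constructed value directly.
        Console.WriteLine(RenderComment(Untrusted));
    }
}
```

Inside a web application, ReadPostContent would be called with the live request and the raw value persisted; RenderComment is what runs when the stored comment is written back into a page. Each of the four encoder calls maps to one of the feature groups listed above, and AntiXssEncoder.HtmlFormUrlEncode, XmlEncode, XmlAttributeEncode and UrlPathEncode follow the same static-method shape for their respective contexts.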