Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • adrianfriend 67 posts 68 karma points
    Oct 07, 2009 @ 17:39
    adrianfriend
    0

    Calling global c# method from xslt

    Hi All,

    We would like to use Microsoft AntiXss 3.1 to encode all user input (i.e. in QueryStrings on search & filter pages).

    I have tested this using the following

    <msxml:script language="C#" implements-prefix="lelo">
    <msxml:assembly name="AntiXssLibrary" />
    <msxml:using namespace="Microsoft.Security.Application" />       
    <![CDATA[
    public string antiXss(string querystring)
    {
       return AntiXss.HtmlEncode(querystring);
    }
    ]]>
    </msxml:script>

    As we have many XSLT files I don't really want to add this to each one, is there a more elegant solution?

    Cheers,

    Adrian

  • Morten Bock 1867 posts 2140 karma points MVP 2x admin c-trib
    Oct 07, 2009 @ 19:27
    Morten Bock
    0

    You could wrap it in an XSLT extension instead. The the reference would automatically be made in all new xslt files. 

    There is a small guide here: http://en.wikibooks.org/wiki/Umbraco/Create_xslt_exstension_like_umbraco.Library_in_C

  • adrianfriend 67 posts 68 karma points
    Oct 07, 2009 @ 20:00
    adrianfriend
    0

    tak Morten exactly what I was looking for :)

Please Sign in or register to post replies

Write your reply to:

Draft