
In my application, I have a rich textbox, and I wonder which is safer to use:

  • A bbcode rich textbox with bbcode parser,

or

  • A rich textbox with HTML-encoded tags, and validation with Microsoft anti-XSS sanitizer

I think that first approach is a bit harder to implement, because I would need to write a custom bbcode validator/sanitizer.

So, which method would you use, and why?
