I want to avoid script injection in my already running ASP.NET application, so I have added a FilteredTextBoxExtender to every text box at run time in the Pagebase Init event, and that works perfectly; there I have defined "<>&" as the invalid characters.

I want to know all the special characters which cause an issue for script injection.


Solution

Try using Server.HTMLEncode and Server.HTMLDecode.

  1. The less-than character (<) is converted to &lt;.
  2. The greater-than character (>) is converted to &gt;.
  3. The ampersand character (&) is converted to &amp;.
  4. The double-quote character (") is converted to &quot;.
  5. Any ASCII code character whose code is greater-than or equal to 0x80 is converted to &#, where is the ASCII character value.

More details
http://msdn.microsoft.com/en-in/library/ms525347%28v=vs.90%29.aspx

Edit 1

Some SO links
ASP.NET Server.HtmlEncode Limitations
Why is Server.HtmlEncode required?

Edit 2

You can refer to this link
What characters or character combinations are invalid when ValidateRequest is set to true?
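
An added example, not part of the original answer: a C# console program that compares stripping the question's "<>&" set on input with encoding on output for each context the value is written into. The sample input is constructed, and `StripFiltered` is a hypothetical helper that mimics the FilteredTextBoxExtender setting from the question.

```csharp
using System;
using System.Linq;
using System.Web; // HttpUtility; on .NET Framework add a reference to System.Web

static class EncodingDemo
{
    // Hypothetical stand-in for the question's filter: drop the listed characters.
    static string StripFiltered(string input, string invalidChars = "<>&") =>
        new string(input.Where(c => !invalidChars.Contains(c)).ToArray());

    static void Main()
    {
        // Constructed sample input containing every character class from the answer's list.
        string input = "Tom & \"Jerry\" <b>café</b>";

        // Input filtering alters the data and still lets the double quote through.
        Console.WriteLine("filtered : " + StripFiltered(input));

        // Output encoding keeps the data and neutralises it for one context each.
        string body = HttpUtility.HtmlEncode(input);
        Console.WriteLine("html body: <td>" + body + "</td>");
        Console.WriteLine("attribute: <input value=\""
            + HttpUtility.HtmlAttributeEncode(input) + "\" />");
        Console.WriteLine("js string: var name = "
            + HttpUtility.JavaScriptStringEncode(input, true) + ";");
        Console.WriteLine("url param: ?q=" + Uri.EscapeDataString(input));

        // HtmlDecode reverses HtmlEncode, so encoding on output loses nothing.
        Console.WriteLine("round trip ok: " + (HttpUtility.HtmlDecode(body) == input));
    }
}
```

Each encoder is only correct for its own context, so the value is stored unmodified and encoded at the point where it is written to the page.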

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow