I added AntiXSS library to my project
And where are you using it?
Make sure that you have not only added AntiXSS but you actually used it:
@Html.Raw(Microsoft.Security.Application.Sanitizer.GetSafeHtmlFragment(Model.Place.Description))
But remember that the new version of the AntiXSS library is a bit too restrictive and will strip tags like <strong> and <br> out which might not be desired.
As an alternative to the AntiXSS library you could use HTML Agility Pack to do this job. Rick Strahl blogged about a sample implementation.
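An allow-list sanitizer built on HTML Agility Pack that keeps tags such as <strong> and <br>, shown as an added example: it is not part of the original answer and is not Rick Strahl's implementation. The class name HtmlAllowList, the tag lists and the depth limit are assumptions. It rebuilds the output from the parsed tree, so only allow-listed tags (with no attributes) and re-encoded text are ever emitted.

```csharp
using System.Collections.Generic;
using System.Net;
using System.Text;
using HtmlAgilityPack;

// Hypothetical helper, not an API of AntiXSS or HTML Agility Pack.
// Assumed Razor usage: @Html.Raw(HtmlAllowList.Sanitize(Model.Place.Description))
public static class HtmlAllowList
{
    // Assumed allow-list of formatting tags; all attributes are discarded.
    static readonly HashSet<string> Allowed = new HashSet<string>
        { "strong", "b", "em", "i", "br", "p", "ul", "ol", "li" };

    // Elements dropped together with everything inside them.
    static readonly HashSet<string> DropWithContent = new HashSet<string>
        { "script", "style", "iframe", "object", "embed" };

    const int MaxDepth = 64; // assumed limit so hostile nesting cannot exhaust the stack

    public static string Sanitize(string html)
    {
        var doc = new HtmlDocument();
        doc.LoadHtml(html ?? string.Empty);
        var sb = new StringBuilder();
        Write(doc.DocumentNode, sb, 0);
        return sb.ToString();
    }

    static void Write(HtmlNode node, StringBuilder sb, int depth)
    {
        if (depth > MaxDepth) return;
        foreach (var child in node.ChildNodes)
        {
            if (child.NodeType == HtmlNodeType.Text)
            {
                // Decode, then re-encode, so text can never introduce markup.
                sb.Append(WebUtility.HtmlEncode(HtmlEntity.DeEntitize(child.InnerText)));
                continue;
            }
            if (child.NodeType != HtmlNodeType.Element) continue; // comments are dropped
            var name = child.Name.ToLowerInvariant();
            if (DropWithContent.Contains(name)) continue;
            bool keep = Allowed.Contains(name);
            if (keep) sb.Append('<').Append(name).Append('>');
            Write(child, sb, depth + 1); // unknown tags are unwrapped, children filtered
            if (keep && name != "br") sb.Append("</").Append(name).Append('>');
        }
    }
}
```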