How to use Microsoft's WPL / Anti-XSS as default HTTPEncoder?
I want to use Microsoft's WPL AntiXSS Library as default HTTPEncoder as described at haacked, but this documentation is for WPL 3.1 and I've read that there is a change regarding HTTPEncoder with the latest WPL 4.0. What is the best way to implement it so that all input fields are automatically encoded? Thanks!
The most important change in this context seems to be that if you pass a null as the value to an encoding function, the function will return null (previous behavior was to return String.Empty). The System.IO.TextWriter will handle nulls properly, so everything should work as expected.
The only change is in the class names, they were renamed to Encoder.whatever in 4.0. If you use Phil's code you'll get a bunch of obsolete warnings.
In 4.1 I will finally have a built-in class to allow use as a default encoder, but I don't have a ship date yet, I'm afraid.
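The approach discussed in the answers above, as an added example that is not code from the original posts or from the AntiXSS project: a custom `System.Web.Util.HttpEncoder` for ASP.NET 4 that delegates HTML encoding to the 4.0 `Encoder` class names. The namespace `MyApp` and class name `AntiXssHttpEncoder` are hypothetical; URL encoding is left to the base class here.

```csharp
using System.IO;
using System.Web.Util;
using Microsoft.Security.Application; // AntiXSS / WPL 4.0: static Encoder class

// Register in web.config (type and assembly names are hypothetical):
//
//   <system.web>
//     <httpRuntime encoderType="MyApp.AntiXssHttpEncoder, MyApp" />
//   </system.web>
//
// Once registered, HttpUtility.HtmlEncode, Server.HtmlEncode and the
// <%: %> syntax are routed through this class.
namespace MyApp
{
    public class AntiXssHttpEncoder : HttpEncoder
    {
        protected override void HtmlEncode(string value, TextWriter output)
        {
            // In 4.0 Encoder.HtmlEncode(null) returns null instead of
            // String.Empty. TextWriter.Write(string) writes nothing for
            // null, so no extra null check is needed on the value.
            output.Write(Encoder.HtmlEncode(value));
        }

        protected override void HtmlAttributeEncode(string value, TextWriter output)
        {
            // Uses the 4.0 name (Encoder.*), which avoids the obsolete
            // warnings raised by the 3.1-era AntiXss.* calls.
            output.Write(Encoder.HtmlAttributeEncode(value));
        }
    }
}
```

This changes how output is encoded when it is rendered; it does not alter values as they are posted from input fields.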