would i need antixss for report printing

I h开发者_JAVA百科ave a report web page that allows you to export records shown to an excel file. I'm using AntiXss to display them on the screen but when a user opts to export to file and I go and get the records again from db will I need to use AntiXss to scrub for reporting purposes?

Thanks,

rod.

No. AntiXss is used to prevent Cross Site Scripting - an Excel document is not vunerable to these attacks. Even if you had XSS code in the Excel file and a user saved the Excel file as HTML (and loaded it in their browser), the content is automatically encoded and would have no effect.