Most web developer must know about RequestValidation configuration in .NET
which we can disable the XSS attack.
But If we want to disable 'RequestValidation' it so we can have flexibility to handle it, We can use Server.HtmlEncode(). to display it.
However this still not enough. This will expose to XSS attack.
My college (Rob) find a utility which nice to replace Server.HTMLEncode().
and replace Server.HTMLEncode() with AntiXss.UrlEncode();