Quick fix for issue tracker #315

- AntiXSS Library upgraded from version 1.5 to 4.2.1
- WebPortal web.config changed to force framework to use AntiXSS
- obsolete AntiXss.HtmlEncode calls replaced with Microsoft.Security.Application.Encoder.HtmlEncode

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/UserControls/AuditLogControl.ascx.cs

@@ -185,9 +185,9 @@ namespace WebsitePanel.Portal.UserControls
 					GetAuditLogSourceName((string)dr["SourceName"]));
                 // Task
 				sb.AppendFormat("\"{0}\",", 
-					AntiXss.HtmlEncode(GetAuditLogTaskName((string)dr["SourceName"], (string)dr["TaskName"])));
+					Microsoft.Security.Application.Encoder.HtmlEncode(GetAuditLogTaskName((string)dr["SourceName"], (string)dr["TaskName"])));
 				// Item-Name
-                sb.AppendFormat("\"{0}\",", AntiXss.HtmlEncode(dr["ItemName"].ToString()));
+                sb.AppendFormat("\"{0}\",", Microsoft.Security.Application.Encoder.HtmlEncode(dr["ItemName"].ToString()));
 				// Execution-Log
 				string executionLog = FormatPlainTextExecutionLog(
 					dr["ExecutionLog"].ToString(), DateTime.Parse(dr["StartDate"].ToString()));

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/UserControls/Comments.ascx.cs

@@ -66,8 +66,8 @@ namespace WebsitePanel.Portal
             if (!String.IsNullOrEmpty(Comments))
             {
                 // escape symbols
-				imgView.AlternateText = Comments;// Comments.Replace("\n", "<br/>").Replace("\r", "");//.Replace(" ", "&nbsp;");
-				imgView.ToolTip = Comments;
+                imgView.AlternateText = Server.HtmlDecode(Comments);// Comments.Replace("\n", "<br/>").Replace("\r", "");//.Replace(" ", "&nbsp;");
+				imgView.ToolTip = Server.HtmlDecode(Comments);
                     //.Replace("\n", "<br/>");
             }
             else

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/UserControls/MessageBox.ascx.cs

@@ -81,7 +81,7 @@ namespace WebsitePanel.Portal
                 try
                 {
                     // technical details
-                    litPageUrl.Text = AntiXss.HtmlEncode(Request.Url.ToString());
+                    litPageUrl.Text = Microsoft.Security.Application.Encoder.HtmlEncode(Request.Url.ToString());
                     litLoggedUser.Text = PanelSecurity.LoggedUser.Username;
                     litSelectedUser.Text = PanelSecurity.SelectedUser.Username;
                     litPackageName.Text = PanelSecurity.PackageId.ToString();

WebsitePanel/Sources/WebsitePanel.WebPortal/DesktopModules/WebsitePanel/UserControls/UsernameControl.ascx.cs

@@ -71,7 +71,7 @@ namespace WebsitePanel.Portal
         public string Text
         {
             get { return EditMode ? txtName.Text.Trim() : litPrefix.Text + txtName.Text.Trim() + litSuffix.Text; }
-            set { txtName.Text = value; lblName.Text = AntiXss.HtmlEncode(value); }
+            set { txtName.Text = value; lblName.Text = Microsoft.Security.Application.Encoder.HtmlEncode(value); }
         }
 
         private UserInfo PolicyUser