Hi, in an aspx, I am using Newtonsoft.Json.JsonConvert.SerializeXmlNode to serialize an XmlDocument to a string. This string is then written to the Response output for the page.
Problems can occur if any of the data contains "script" tags - which could be a simple "alert" box, or something more sinister.
Is it possible to tell the Json serializer to "html-encode" the data it creates, so the receiving browser does not interpret any of the string as a command to execute?
Thanks.