ASP.NET MVC 2 - AntiXSS vs Built In MVC Encoding

Now that MVC has introduced HTML Encoding via

<%: blah %>

is there still value in using

<%= AntiXSS.HTMLEncode(blah) %>

instead?

For Example: My application will take all content in (including JavaScript) and store it in it's raw state in the database. I was planning on simply outputting everything using something like <%: model.Name %> and relying on the MVC "stuff" to do the encoding for me.

Is that method secure enough to rely on for AntiXSS, or do I need to explicitly use the AntiXSS Library? If I need to use the AntiXSS Library, can I ask why wouldn't that kind of thing be already built into MVC?

Solution

I don't think there's any real difference, but if you're really that concerned, you can use the AntiXss library as the default encoder for asp.net, as described in this article.

Route matching with GetVirtualPath
Entity Framework 4 - Calling a Select / Paging Stored Procedure
Paging more than one collection on a single page in asp.net mvc
C# MVC2 Jqgrid - what is the correct way to do server side paging?
ModelState.AddModelError - How can I add an error that isn't for a property?
passing action method parameter to ActionFilterAttribute in asp.net mvc
How do I use Request.RequestUri.Query in .NET? (Error 11 'System.Web.HttpRequestBase' does not contain a definition for 'RequestUri')
Handling FileContentResult when file is not found
Global.asax Exception Handling and HTTP Error Codes
Can I get the controller from the HttpContext?
Percentage calculation
.NET Presentation Tier Architecture / Blueprint for Line of Business Systems
Check for the option label string
if(ModelState.IsValid) doesn't work with FormsCollection. What to use instead?
Bind CheckBoxFor to bool?
MVC controller is being called twice
Mvc 5 pagination using view model
MVC and EditorFor width
Pass collection of enums to ASP.NET MVC ActionMethod
Can't load a DropDownList with values
The IControllerFactory ... did not return a controller for the name 'Rss'
Getting index value on razor foreach
Extra If Statements Or Repetative Code in C#
ASP.Net MVC - Sending an object from controller to view to controller
Proper way of building MVC ActionLink
ambiguous reference
Asp.net MVC validation for non-strings
How does AntiForgeryToken work?
MVC 2.0 Post Form to action instead of redirect to action
My extension method isn't registering (Error 1 'System.Web.Mvc.HtmlHelper' does not contain a definition for 'PageLinks' and ...)