OK This is a basic change password form, how can I sanitize this input? is it safe to use AntiXSS HtmlEncode? I want to make sure that the encoding won't change randomly entered characters
what's the best way to do it?
please advise
Don't encode. You don't need to - you encode when you reflect user input in your output. I would assume that when you process the password you just shove it in the database (after hashing and salting it obviously) and it's never output. As it's never output in HTML you don't have to worry.