This attribute is new in the .NET Framework version 4.0.I have web.config file in solution with 4.0 version of .Net Framework
<system.web>
<httpRuntime encoderType="Web.AntiXss.AntiXssEncoder, Web.AntiXss"/>
and this works well, but if i change version to 3.5 i get this erorr
Unrecognized attribute 'encoderType'. Note that attribute names are case-sensitive.
encoderType attribute is only in 4.0 version, how can i rewrite this to 3.5 ?
EDIT
Or how can i use microsoft AntiXss library in .net 3.5 projects ?
I use this article for .net 4.0
http://haacked.com/archive/2010/04/06/using-antixss-as-the-default-encoder-for-asp-net.aspx
This is only for .Net4
Gets or sets the name of a custom type that
can be used to handle HTML and URL encoding.
You must understand that this is an inside change of a function that are called from the core of Net4, this function is not exist on net 3.5 and lower, so its not how they write it, they just not exist.
reference: http://msdn.microsoft.com/en-us/library/system.web.configuration.httpruntimesection.encodertype.aspx
This parametre actually is an option to replace the class System.Web.Util.HttpEncoder that also exist on Net 3.5, but with out the option of core replace it.
The System.Web.Util.HttpEncoder is all ready very power full, and the Net.4 actually insert some more features. By replace it with the AntiXccEncoder maybe you get some more control but if not, then is not the end of the world (by HG Wells).
Also I check if its possible with some code to replace this call, and seems to me not possible because this is called on too many points, for example its calling on all control attributes !, on url call, on html render, and its so native inside Net4 that is not worth to make so many code to change the HttpEncoder to AntiXccEncoder.
Maybe you need to focus on the page code that you may afraid for attack and be soure to handle the input data correct.