Which ASP.NET Controls Automatically Encodes?
I've had a lot of people ask me which ASP.NET control offers automatic html encoding and the answer I had for a long time was to look at MSDN or even write a quick sample and test the behavior. If you are asking yourself the same question, you can now use the attached document to see if the control if offering the appropriate encoding. The document list all asp.net control and which property offers html, script or url encoding. You can also see which html attribute the property is bound to. This document is quite useful when you are reviewing your code for possible Cross-Site Scripting (XSS) or double encoding problems.
I was made aware that the initial content was provided as part of the companion content for the excellent book Hunting for Security bugs available at https://www.microsoft.com/mspress/companion/0-7356-2187-X/. The file attached to this is indeed base on the same content since I received it internally by the author's team. I found some slight issues and made some changes. I recommend the file I provide until the book companio content gets updated.