ASP.NET 脚本过滤 防止跨站脚本攻击

/// <summary>
    /// HTML解码
    /// </summary>
    /// <param name="input"></param>
    /// <returns></returns>
    public string HtmlDecode(string input)
    {
        StringBuilder sb = new StringBuilder(
                     HttpUtility.HtmlDecode(input));
        return sb.ToString();
    }
    /// <summary>
    /// HTML编码
    /// </summary>
    /// <param name="input"></param>
    /// <returns></returns>
    public string HtmlEncode(string input)
    {
        StringBuilder sb = new StringBuilder(
                         HttpUtility.HtmlEncode(input));
        //选择性的允许<b> 和 <i>
        sb.Replace("&lt;b&gt;", "<b>");
        sb.Replace("&lt;/b&gt;", "");
        sb.Replace("&lt;i&gt;", "<i>");
        sb.Replace("&lt;/i&gt;", "");
        return sb.ToString();
    }