I am using vb.net to make a website and the data for it (including the control names, values, labels. tooltiptext etc..) are comming from a shared database.
In order to improve security I HTML encoded everything that comes from the database.
But now sometimes it displays correctly (ie &) and sometimes not (ie & ). How can i tell how it is going to come out?
Gridviews do not decode it but labels do but tooltip text doesnt.
Is there any pattern to this?
How do I know what to encode or not?