Can we use AntiSamy to validate user input? All of our inputs are pretty standard alphanumeric fields etc..not HTML input. From what I have read AntiSamy is primarily used for sanitizing HTML/CSS input by the user.
To provide some background to my situation. Our security team has suggested using AntiSamy to address Cross-Site scripting for .Net application(ported over from classic ASP) as the current application fails XSS attacks. I was considering doing actual user input validation using regular expressions based on a basic whitelist.
So now I am confused if we can even use AntiSamy for user input validation(when user is supposed just enter text data..not HTML/CSS). I also see that there is not much support for advanced processing options in .Net.
https://www.owasp.org/index.php/AntiSamy_Version_Differences