When can HttpUtility.HtmlEncode() reduce risk of XSS attack?
I was under the impression that it was best practice to encode the URL before I call Redirect().
But then I was told it makes no difference, since encoding it just means the browser needs to decode it. And all that matters is how you protect yourself from incoming malicious URLs. Obviously, a hacker can reformat any outputted URL.
Where and when does it make sense to use HttpUtility.HtmlEncode(returnUrl)?
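
An added illustration of the two output contexts the question contrasts (not code from the original post): the same `returnUrl` written into HTML markup, where `HttpUtility.HtmlEncode` applies, and passed to a redirect, where the target has to be validated instead. `IsLocalPath` is a hypothetical, simplified stand-in for a framework local-URL check, and the sample inputs are constructed.

```csharp
using System;
using System.Web;

static class ReturnUrlDemo
{
    // Hypothetical, simplified local-URL check (assumption, not a framework API):
    // accepts only app-relative paths such as "/orders", rejects "//host" and "/\host".
    static bool IsLocalPath(string url) =>
        !string.IsNullOrEmpty(url)
        && url[0] == '/'
        && (url.Length == 1 || (url[1] != '/' && url[1] != '\\'));

    // HTML context: the value is written into markup (a hidden form field here),
    // so it is HTML-encoded to stop it from closing the attribute or adding tags.
    static string RenderHiddenField(string returnUrl) =>
        "<input type=\"hidden\" name=\"returnUrl\" value=\""
        + HttpUtility.HtmlEncode(returnUrl) + "\">";

    // Redirect context: the value becomes a Location header, not HTML.
    // HTML-encoding does not make it safer; the destination is validated instead.
    static string RedirectTarget(string returnUrl) =>
        IsLocalPath(returnUrl) ? returnUrl : "/";

    static void Main()
    {
        // Constructed sample inputs.
        string[] samples =
        {
            "/orders?id=7&page=2",
            "\"><script>alert(1)</script>",
            "https://example.org/login",
            "//example.org/login",
        };

        foreach (var s in samples)
        {
            Console.WriteLine("input    : " + s);
            Console.WriteLine("html     : " + RenderHiddenField(s));
            Console.WriteLine("redirect : " + RedirectTarget(s));
            Console.WriteLine();
        }
    }
}
```

Only the first sample is used as a redirect target; the other three fall back to `/`, while all four are rendered inertly inside the attribute value.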