I need to encode some javascript on the server side that is getting injected into the html. I'm using Microsoft.Security.Application.Encoder.JavaScriptEncode() but it ends up looking like this from view source:
'var DesignTheme \x3d \x7b\x22StyleId\x22\x3a\x2235\x22,\x22BackgroundColor\x22\x3a\x22\x23DDF1FA\x22,\x22HeaderColor\x22\x3a\x22\x230B70A6\x22,\x22ButtonColor\x22\x3a\x22\x2347B937\x22,\x22BoxBackgroundColor\x22\x3a....
What gives? Am I using the wrong method to encode? The goal is to prevent cross site scripting, and this javascript threw a red flag on a recent security scan of our website.