New <%: %> Syntax for HTML Encoding Output in ASP.NET 4 (and ASP.NET MVC 2) : ASP Alliance

Print Add To Favorites Email To Friend Rate This Article
New <%: %> Syntax for HTML Encoding Output in ASP.NET 4 (and ASP.NET MVC 2)

page 1 of 9

Published: 06 Apr 2010

Unedited - Community Contributed

Abstract
This article examines a new feature of ASP.NET 4 which automatically encodes HTML output within <%: %> code nuggets to protect your application and sites against cross-site script injection (XSS) and HTML injection attacks. It enables you to do so using a nice concise syntax. He also examines the concept with reference to ASP.NET MVC 2.

by Scott Guthrie
Feedback

Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 40492/ 51

Article Contents:

Introduction

Republished with Permission - Original Article

In addition to blogging, I am also now using Twitter for quick updates and to share links. Follow me at: twitter.com/scottgu]

This is the nineteenth in a series of blog posts I’m doing on the upcoming VS 2010 and .NET 4 release.

Today’s post covers a small, but very useful, new syntax feature being introduced with ASP.NET 4 – which is the ability to automatically HTML encode output within code nuggets. This helps protect your applications and sites against cross-site script injection (XSS) and HTML injection attacks, and enables you to do so using a nice concise syntax.

View Entire Article

(Page 2) »

User Comments

No comments posted yet.

Product Spotlight