New <%: %> Syntax for HTML Encoding Output in ASP.NET 4 (and ASP.NET MVC 2)
page 1 of 9
Published: 06 Apr 2010
Unedited - Community Contributed
Abstract
This article examines a new feature of ASP.NET 4 which automatically encodes HTML output within <%: %> code nuggets to protect your application and sites against cross-site script injection (XSS) and HTML injection attacks. It enables you to do so using a nice concise syntax. He also examines the concept with reference to ASP.NET MVC 2.
by Scott Guthrie
Feedback
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 19382/ 496

Introduction

Republished with Permission - Original Article

In addition to blogging, I am also now using Twitter for quick updates and to share links. Follow me at: twitter.com/scottgu]

This is the nineteenth in a series of blog posts I’m doing on the upcoming VS 2010 and .NET 4 release.

Today’s post covers a small, but very useful, new syntax feature being introduced with ASP.NET 4 – which is the ability to automatically HTML encode output within code nuggets.  This helps protect your applications and sites against cross-site script injection (XSS) and HTML injection attacks, and enables you to do so using a nice concise syntax.


View Entire Article

User Comments

No comments posted yet.

Product Spotlight
Product Spotlight 





Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2014 ASPAlliance.com  |  Page Processed at 12/18/2014 12:21:48 PM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search