With ASP.NET 4 we are introducing a new code expression
syntax (<%: %>) that renders output like <%= %> blocks do –
but which also automatically HTML encodes it before doing so. This
eliminates the need to explicitly HTML encode content like we did in the
example above. Instead, you can just write the more concise code below to
accomplish the exact same thing:

We chose the <%: %> syntax so that it would be easy to
quickly replace existing instances of <%= %> code blocks. It also
enables you to easily search your code-base for <%= %> elements to find
and verify any cases where you are not using HTML encoding within your
application to ensure that you have the correct behavior.
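
One way to run the search described above, as an added example (not code from the original post): a Python script that lists every <%= %> block in a page and separates those already wrapped in an explicit encoder call from those that need review. The encoder list, the `audit` and `wraps_whole_expression` names, and the sample markup are assumptions made for this illustration.

```python
import re

# Raw-output expression blocks. <%: %>, <%@ %> and <%# %> do not match.
RAW_BLOCK = re.compile(r"<%=(.*?)%>", re.DOTALL)

# Assumption: encoder calls accepted as "explicitly HTML encoded".
ENCODERS = ("Server.HtmlEncode", "HttpUtility.HtmlEncode", "Html.Encode")


def wraps_whole_expression(expr):
    """True if expr is a single encoder call enclosing the entire expression."""
    for name in ENCODERS:
        rest = expr[len(name):].lstrip()
        if not (expr.startswith(name) and rest.startswith("(")):
            continue
        depth = 0
        # String literals are not parsed, so treat the result as triage only.
        for i, ch in enumerate(rest):
            depth += (ch == "(") - (ch == ")")
            if depth == 0:
                # The call closed here; anything after it is emitted unencoded.
                return i == len(rest) - 1
    return False


def audit(markup):
    """Return (line, expression, status) for each <%= %> block in markup."""
    findings = []
    for m in RAW_BLOCK.finditer(markup):
        expr = m.group(1).strip()
        line = markup.count("\n", 0, m.start()) + 1
        status = "explicit-encode" if wraps_whole_expression(expr) else "review"
        findings.append((line, expr, status))
    return findings


# Constructed sample page, not taken from the original post.
SAMPLE = """<%@ Page Language="C#" %>
<h1><%: Model.Title %></h1>
<p><%= Server.HtmlEncode(Model.Message) %></p>
<p><%= Model.Comment %></p>
<p><%= Server.HtmlEncode(Model.Name) + Model.Signature() %></p>
"""

if __name__ == "__main__":
    for line, expr, status in audit(SAMPLE):
        print(f"line {line}: {status:15} <%= {expr} %>")
```

Blocks marked "review" are the candidates for replacement with <%: %>; the last sample line shows why a partial encoder call is still flagged.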