diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)

Apr072010

New Syntax for HTML Encoding Output in ASP.NET 4 and ASP.NET MVC 2

This post covers a small, but very useful, new syntax feature being introduced with ASP.NET 4 – which is the ability to automatically HTML encode output within code nuggets. This helps protect your applications and sites against cross-site script injection (XSS) and HTML injection attacks, and enables you to do so using a nice concise syntax. XSS and HTML encoding attacks’re two of most common security issues that plague web-sites and apps. They occur when hackers find a way to inject client-side script or HTML markup into web-pages that’re then viewed by other visitors to a site. This can be used to both vandalize a site, as well as enable hackers to run client-script code that steals cookie data and/or exploits a user’s identity on a site. One way to help mitigate against cross-site scripting attacks’s to make sure that rendered output’s HTML encoded within a page. This helps ensures that any content that might’ve been input/modified by an end-user cannot be output back onto a page containing tags like <script> or <img> elements[…]

Full Article: New <%: %>Syntax for HTML Encoding Output in ASP.NET 4 (and ASP.NET MVC 2)

Share This Story, Choose Your Platform!

Get Latest News

Subscribe to Digital News Hub

Get our daily newsletter about the latest news in the industry.
First Name
Last Name
Email address
Secure and Spam free...