Which code segment should you use?

You are developing an ASP.NET MVC 2 application.
A view contains a form that allows users to submit their first name.
You need to display the value that is submitted, and you must ensure that your code avoids cross-site scripting.
Which code segment should you use?

A.
<%: Model.FirstName %>

B.
<%= Model.FirstName %>

C.
<% Response.Write(Model.FirstName) %>

D.
<% Response.Write(HttpUtility.HtmlDecode(Model.FirstName)) %>

Explanation:
The new <%: %> syntax provides a concise way to automatically HTML encode content and then render it as output.
It makes your code a little less verbose, and makes it easy to check that you are always HTML encoding content throughout your site.
This can help protect your applications against cross-site scripting (XSS) and HTML injection attacks.
By contrast, <%= %> and Response.Write emit the value without encoding it, and HttpUtility.HtmlDecode reverses HTML encoding rather than applying it.


