You are developing an ASP.NET MVC 2 application.
A view contains a form that allows users to submit their first name.
You need to display the value that is submitted, and you must ensure that your code avoids cross-site scripting.
Which code segment should you use?
A.
<%: Model.FirstName %>
B.
<%= Model.FirstName %>
C.
<% Response.Write(Model.FirstName) %>
D.
<% Response.Write(HttpUtility.HtmlDecode(Model.FirstName)) %>
Explanation:
The new <%: %> syntax provides a concise way to automatically HTML encode content and then render it as output.
It allows you to make your code a little less verbose, and to easily check/verify that you are always HTML encoding content throughout your site.
This can help protect your applications against cross-site script injection (XSS) and HTML injection attacks.