DEV Community

LFC
LFC

Posted on

Tip for Preventing XSS in ASP.NET

#dotnet #asp #aspnet #html

I am going to show you an old but useful tip in order to prevent command injection in our forms.

First of all, We have this line that does not encode HTML:

In order to encode correctly this output and avoid XSS attacks, you should convert it to this way:

However, ASP.NET MVC introduces this reduced syntax with the same purpose:

Did you see it?
The key is to replace <%= with <%:

Happy coding!

Top comments (0)

Read next

moh_moh701 profile image

c# Clean Code: Best Practices for new, Operators, and using

mohamed Tayel -

yushulx profile image

How to Digitize Documents in a Blazor Web App Using TWAIN, WIA, SANE, ICA, and eSCL Scanners

Xiao Ling -

canro91 profile image

TIL: How To Use the Specification Pattern in C# To Simplify Repositories

Cesar Aguirre -

kaja_uvais_a8691e947dd399 profile image

Social Media Icons with Hover Effects Using HTML and CSS

Kaja Uvais -