DEV Community



Tip for Preventing XSS in ASP.NET

I am going to show you an old but useful tip for preventing cross-site scripting (XSS) when you render user-supplied values in your forms and views.

First of all, we have this line, which writes the value into the page without HTML-encoding it, so any markup in the value is interpreted by the browser:

To encode this output correctly and avoid XSS attacks, you should rewrite it like this:

However, ASP.NET 4 (in both Web Forms and MVC 2 and later) introduces a shorter syntax with the same purpose:

Did you see it?
The key is to replace `<%=` with `<%:`. The colon form HTML-encodes the expression's value before writing it to the response, so `<`, `>`, `&` and quotes arrive in the browser as text rather than as markup. Two caveats: values that implement `IHtmlString` (for example an `HtmlString` or `MvcHtmlString`) are written as-is by `<%:`, so never wrap untrusted data in those types; and HTML encoding is only the right encoder for HTML text and attribute values, so data placed inside a `<script>` block or a URL needs JavaScript or URL encoding instead.
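To make the difference concrete, here is an added example (not code from the original post) that reproduces outside a view what the two directives do: `<%= value %>` writes the string raw, while `<%: value %>` behaves like `<%= Html.Encode(value) %>` and runs it through `HttpUtility.HtmlEncode`. The `UntrustedName` payload and the `RenderRaw`/`RenderEncoded` helper names are constructed for this example.

```csharp
using System;
using System.Web; // System.Web.dll on .NET Framework; on modern .NET, System.Net.WebUtility.HtmlEncode works the same way

class EncodingDemo
{
    // Constructed sample of untrusted input, e.g. a form field or query-string value.
    const string UntrustedName = "<script>alert('xss')</script>";

    // Equivalent of <%= name %>: the raw value is concatenated into the markup,
    // so the browser treats the injected <script> element as part of the page.
    static string RenderRaw(string name)
    {
        return "<p>Hello, " + name + "</p>";
    }

    // Equivalent of <%: name %> (or <%= Html.Encode(name) %>): the value is
    // HTML-encoded first, so '<', '>', '&' and quotes become entities and the
    // payload is displayed as literal text instead of being executed.
    static string RenderEncoded(string name)
    {
        return "<p>Hello, " + HttpUtility.HtmlEncode(name) + "</p>";
    }

    static void Main()
    {
        Console.WriteLine("Unencoded (vulnerable):");
        Console.WriteLine(RenderRaw(UntrustedName));
        Console.WriteLine();
        Console.WriteLine("Encoded (safe in HTML text context):");
        Console.WriteLine(RenderEncoded(UntrustedName));
    }
}
```

Compile it as a console application referencing `System.Web` and compare the two lines it prints: in the first, the `<script>` tag survives intact; in the second, every angle bracket and quote has been turned into an entity and the browser would show the payload as plain text. Note that the encoded form is only safe where the value lands in HTML text or a quoted attribute; it does not protect a value inserted into inline JavaScript or a URL.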

Happy coding!
