HTML Encoded Code Expression

Home About Me Contact Me RSS ATOM

- Posts By Date

July 2010 (1)
May 2010 (1)
April 2010 (13)
February 2010 (7)
January 2010 (2)
October 2009 (3)
September 2009 (5)
August 2009 (7)
July 2009 (2)
June 2009 (1)
May 2009 (4)
April 2009 (6)
March 2009 (9)
February 2009 (1)
January 2009 (5)
December 2008 (2)
November 2008 (1)
October 2008 (4)
September 2008 (1)
August 2008 (1)
July 2008 (6)
June 2008 (2)
May 2008 (2)
April 2008 (4)
March 2008 (6)
February 2008 (24)
January 2008 (18)
December 2007 (12)
November 2007 (4)
October 2007 (16)
September 2007 (11)
August 2007 (20)
July 2007 (12)
June 2007 (8)
May 2007 (18)
April 2007 (9)
March 2007 (8)
February 2007 (15)
January 2007 (7)
December 2006 (14)
November 2006 (27)
October 2006 (24)
September 2006 (31)
August 2006 (14)

- Search The site

Subscribe by Email

- Sites I visit

JustLikeThat
Farghana
ScottGu
Techolyvia
Sadhan

- Recent Blogs

Community Tech days on 11th July in Kolkata

LINQ series posts

LINQ and Aggregate function

Working with Joins in LINQ

17 new features in Visual Studio 2010

Using the StopWatch class to calculate the execution time of a block of code

Using Generation operator in LINQ

Retrieving only the first record or record at a certain index in LINQ

LINQ and conversion operators

Using set operation in LINQ

Grouping data in LINQ with the help of group keyword

LINQ and ordering of the result set

TakeWhile and SkipWhile method in LINQ

Using Take and skip keyword to filter records in LINQ

Filtering data in LINQ with the help of where clause

HTML Encoded Code Expression

Code expression HTML encode in Asp.Net

Posted on 2/22/2010 10:46:25 AM in #Asp.Net 4.0

Hi,

One of the new features in Asp.Net 4.0 is the inclusion of Code expressions which are HTML encoded by default. IN Asp.Net the code expression by default does not encode any text and hence it can leave the chance of Cross Site scripting attack.

In Asp.Net 4.0 we can now write expression which will get encoded by itself. For writing HTML encoded expression we need to use the following expression

<%: %>

This could have been easily done in the previous version also by using the HttpUtility.HtmlEncode method in the expression. But it has been made easy now by providing a common expression. Below is an example of same output with or without using the expression.

<%= HttpUtility.HtmlEncode(Request["UserInput"]) %>
<%: Request["UserInput"] %>

Vikram

Share this post Email it

Feedback

Please post your comments:

Name:

Email (optional): Your email address will not be posted.

URL (optional):

Comments: HTML will be ignored, URLs will be converted to hyperlinks

Enter the text you see in the box:

Vikram Lakhotia Blog on Asp.Net, Dot Net, SQL, VIsual Studio, C# etc