LFC

Tip for Preventing XSS in ASP.NET

I am going to show you an old but useful tip for preventing script injection (XSS) through our forms.

First of all, we have this line, which does not HTML-encode its output:

To encode this output correctly and avoid XSS attacks, you should convert it this way:

However, ASP.NET MVC introduces this shorter syntax for the same purpose:

Did you see it?
The key is to replace <%= with <%:
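
The three forms side by side, as an added example that is not code from the original post. It assumes an MVC view whose model is a user-supplied string, and uses `Html.Encode` as one explicit encoding call; the sample value is constructed.

```aspx
<%@ Page Language="C#" Inherits="System.Web.Mvc.ViewPage<string>" %>
<%-- Constructed sample: assume the controller passed this user-supplied
     string as the model:  <script>alert(1)</script>  --%>

<%-- 1. Raw output: the string is written to the page as-is,
        so the browser parses it as markup and runs the script. --%>
<p><%= Model %></p>

<%-- 2. Explicit encoding: the page receives
        &lt;script&gt;alert(1)&lt;/script&gt; and shows it as inert text. --%>
<p><%= Html.Encode(Model) %></p>

<%-- 3. Colon syntax (available from ASP.NET 4): same encoded output
        as form 2, without the explicit call. --%>
<p><%: Model %></p>

<%-- Caveat: a value typed as IHtmlString (for example MvcHtmlString, or
     the return value of an Html helper) is treated as already encoded,
     so the colon syntax writes it unchanged. Wrapping user input like
     this brings back the raw output of form 1. --%>
<p><%: MvcHtmlString.Create(Model) %></p>
```

When reviewing views, search for remaining `<%=` blocks and for user input wrapped in `MvcHtmlString`, since both bypass the encoding.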

Happy coding!
