
Html Encoded Expressions in ASP.NET 4.0



User Name: codelecturer
Name: Mike Chauhan
Contact Me: www.datawebcoder.com/ContactUs.aspx
Home Page: www.datawebcoder.com
Add Date: 11/18/2011
We all know the <%= expression %> feature in ASP.NET, which prints any string to the page. It is mostly used in ASP.NET MVC. ASP.NET 4.0 adds a new feature, HTML encoded expressions, which helps prevent cross-site scripting (XSS) attacks because the output is HTML encoded.
ASP.NET 4.0 introduces a new expression syntax, <%: expression %>, which automatically HTML encodes the string it outputs. Let's take an example.

I have created a protected hello world method that returns a simple string containing characters that need to be HTML encoded. Below is the code for that.


Now let's use that hello world method in our page HTML as shown below. I am going to use both expression syntaxes to show the exact difference.

Now let's run the application. In the browser, both outputs look the same.
But when you look at the page source in the browser, you can clearly see that one is HTML encoded and the other is not.
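
The comparison described above, as an added single-file example (not the original post's code). The method name `HelloWorld` follows the post's description; the sample string, the `TrustedMarkup` helper and the `name` query parameter are assumptions made for illustration.

```aspx
<%@ Page Language="C#" %>
<script runat="server">
    // Hypothetical method; the sample string is constructed for this example.
    // It contains <, & and " but nothing a browser would parse as a tag.
    protected string HelloWorld()
    {
        return "Hello World: 2 < 3 & \"quoted\"";
    }

    // Markup the application built itself and trusts. The encoding syntax
    // writes IHtmlString values unchanged, which avoids double encoding.
    protected IHtmlString TrustedMarkup()
    {
        return new HtmlString("<em>markup generated by the application</em>");
    }
</script>
<!DOCTYPE html>
<html>
<body>
    <%-- Raw: the string is written to the response exactly as returned. --%>
    <p><%= HelloWorld() %></p>

    <%-- Encoded (ASP.NET 4.0+): <, & and " are written as the entities
         &lt; &amp; and &quot; so the text looks the same in the browser
         but can no longer be interpreted as markup. --%>
    <p><%: HelloWorld() %></p>

    <%-- What had to be written by hand before 4.0 for the same effect. --%>
    <p><%= Server.HtmlEncode(HelloWorld()) %></p>

    <%-- Untrusted request data (hypothetical "name" parameter) belongs
         behind the encoding syntax. --%>
    <p>Hello, <%: Request.QueryString["name"] %></p>

    <%-- Not encoded again because the value implements IHtmlString. --%>
    <p><%: TrustedMarkup() %></p>
</body>
</html>
```

HTML encoding is the right encoding for element content and quoted attribute values. A value written into a script block or a URL needs the encoding for that context instead.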
