ASP.NET MVC2 -- How is Html.Encode() used?

Question

How is Html.Encode() used? What is its purpose, and how is it useful?

Oded · Accepted Answer · 2011-01-15T15:33:49.630

3

It HTML encodes the passed it text - this escapes things to avoid certain types of attacks, such as XSS.

For example:

Html.Encode("<script>alert('hi');</alert>")

Will result in:

&lt;script&gt;alert('hi');&lt;/script&gt;

Being output to the page. This ensures that the script will not run.

edited Jan 15 '11 at 15:33

answered Jan 15 '11 at 15:26

Oded

score 0 · Answer 2 · answered Jan 15 '11 at 15:29

0

It encodes tags found in text into their html equiv. For example if '&' was received it would be changed into '&'

Hope this helps.

answered Jan 15 '11 at 15:29

Chris

2 Answers2