Someone can easily inject some harm code into our website. So we need to encode user data before storing into database. Example some comments from users.
In normal ASP.NET we need to encode user data explicitly but in ASP.NET MVC Razor all expressions are automatically HTML encoded. So no need to explicit handling.
If we want to display HTML code on webpage, we need to use @HTML.Raw(item.comments) in ASP.NET MVC.