Do we need to Encode HTML code ASP.MVC

Basic Reason: 

Someone can easily inject some harm code into our website. So we need to encode user data before storing into database. Example some comments from users. 

In normal ASP.NET we need to encode user data explicitly but in ASP.NET MVC Razor all expressions are automatically HTML encoded. So no need to explicit handling. 

If we want to display HTML code on webpage, we need to use @HTML.Raw(item.comments) in ASP.NET MVC.

Share this post :

Post a Comment

Please give your valuable feedback on this post. You can submit any ASP.NET article here. We will post that article in this website by your name.

Support : Ranga Rajesh Kumar
Copyright © 2012. ASP.NET Examples - All Rights Reserved
Site Designed by Ranga Rajesh Kumar