ASP.NET MVC2 -- How is Html.Encode() used?

Question

How is Html.Encode() used? What is its purpose, and how is it useful?

Oded · Accepted Answer · 2011-01-15 15:33:49Z

3

It HTML encodes the passed it text - this escapes things to avoid certain types of attacks, such as XSS.

For example:

Html.Encode("<script>alert('hi');</alert>")

Will result in:

&lt;script&gt;alert('hi');&lt;/script&gt;

Being output to the page. This ensures that the script will not run.

answered Jan 15, 2011 at 15:26

Oded

501k102 gold badges900 silver badges1k bronze badges

Sign up to request clarification or add additional context in comments.

Comments

Chris · Accepted Answer · 2011-01-15 15:29:15Z

0

It encodes tags found in text into their html equiv. For example if '&' was received it would be changed into '&'

Hope this helps.

answered Jan 15, 2011 at 15:29

Chris

3,2014 gold badges24 silver badges37 bronze badges