Should we use encoding for HtmlString?

Question

Should we use encoding for HtmlString?

What is better in ASP.NET MVC

<%= Html.LabelForModel() %>

or

 <%: Html.LabelForModel() %>

? Why?

+4

c # .net asp.net asp.net-mvc

Dmitry Borovsky Dec 16 '10 at 15:45

source share

3 answers

If it returns an MvcHtmlString, it does not matter; <%: will know that it is pre-shielded. Therefore i would use <%: since the reviewer should not think, "is it shielded?" Or is it an unprocessed field? "

Of course, it depends on the code that creates the correct MvcHtmlString ...

+5

Marc gravell Dec 16 '10 at 15:50

source share

Nothing is better. They both output the exact same markup.

0

jfar Dec 16 '10 at 15:48

source share

L-four · Accepted Answer · 2010-12-16T15:49:18+0000

This article explains what and why: http://weblogs.asp.net/scottgu/archive/2010/04/06/new-lt-gt-syntax-for-html-encoding-output-in-asp-net -4-and-asp-net-mvc-2.aspx

Should we use encoding for HtmlString?

More articles: