Auto exposure Asp.Net MVC

Question

Auto exposure Asp.Net MVC

In Asp.net Mvc, all line output is not saved by default, either you remember that you avoid everything with HTTPUtility, or you open yourself up for XSS attacks.

Now I am a forgetful guy, so I am looking for a solution that helps me “forget” to avoid all my lines for me.

Can anyone use any of the tricks they used make it easy to execute all the Asp.net MVC output?

+3

asp.net escaping asp.net-mvc

jfar Aug 22 '09 at 15:38

source share

2 answers

, , "" MVC, : , , , - .

MVCContrib, FluentHtml; , .

0

Matthew Groves 23 . '09 1:06

Cleiton · Accepted Answer · 2009-08-23T02:07:19+0000

jfar, what you want is absolutely possible, see this great blog post:

http://blog.codeville.net/2007/12/19/aspnet-mvc-prevent-xss-with-automatic-html-encoding/

, "<% =.... > "; , GenerateCodeFromStatement() CSharpCodeProvider, . HttpUtility.HtmlEncode asp.net mvc.

Auto exposure Asp.Net MVC

More articles: