I saw in a tutorial video that we should use Html.Encode in our views to prevent malicious injections. However, when the text that I'm encoding contains the ' character (for example Dog's) the output in the browser is Dog#39;s. I would have thought every potentially dangerous character would be remapped to some safe code that the browser would render correctly. Is this not the case? How can I get ' to show up in the browser but in an HTML safe way?
The @ in Razor automatically encodes for you, meaning that you probably did a double encode.
Example:
@Html.Encode("This is \"safe\"")
is more or less the same as
@{Response.Write(Html.Encode(Html.Encode("This is \"safe\"")));}
Dunno if that last one works in Razor though.
If you are using ASP.NET MVC 2, <%: %> is already encoding the value for you. In Razor (MVC 3), @ encodes the values for you, so you do not need to wrap the output in Html.Encode.
Make sure that you are not double encoding.
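The double encoding both answers describe, as an added Python example that is not from the original post or from ASP.NET; html_encode is an assumed stand-in that mimics what Html.Encode emits for the five HTML-significant characters (ASP.NET writes &#39; for the apostrophe), and looks_double_encoded is an assumed heuristic check for rendered output.

```python
import html
import re


def html_encode(text: str) -> str:
    """Stand-in for ASP.NET's Html.Encode (assumption): encodes the five
    HTML-significant characters, using &#39; for the apostrophe as ASP.NET does."""
    return (text.replace("&", "&amp;")
                .replace("<", "&lt;")
                .replace(">", "&gt;")
                .replace('"', "&quot;")
                .replace("'", "&#39;"))


def render_once(value: str) -> str:
    """What Razor's @value emits: a single encoding pass."""
    return html_encode(value)


def render_double(value: str) -> str:
    """What @Html.Encode(value) emits: Html.Encode runs, then Razor encodes again."""
    return html_encode(html_encode(value))


def browser_shows(markup: str) -> str:
    """Approximate what the browser displays for a text node: one entity decode."""
    return html.unescape(markup)


ENTITY = re.compile(r"&(?:#\d+|#x[0-9a-fA-F]+|[A-Za-z]+);")


def looks_double_encoded(markup: str) -> bool:
    """Heuristic: if entity references survive one decode, the view encoded twice
    and users will see text like Dog&#39;s. Can false-positive when the original
    text itself contained a literal entity such as &#39;."""
    return ENTITY.search(html.unescape(markup)) is not None


if __name__ == "__main__":
    # Constructed sample matching the question's input.
    for label, out in (("@value", render_once("Dog's")),
                       ("@Html.Encode(value)", render_double("Dog's"))):
        print(f"{label:22} markup={out!r:18} browser shows={browser_shows(out)!r}"
              f" double-encoded={looks_double_encoded(out)}")
```

Both forms are still safe against injection (the markup never contains a raw < or '); the double pass only breaks the display, which is the symptom the question reports.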