How to use Html.Encode with an HTML helper in ASP.NET MVC to prevent JavaScript injection? For instance with:
<%= Html.TextBox("Name") %>
The framework takes care of all that automatically. You have to specifically tell it not to check for dangerous input.
When you do, you shouldn't decode anything going to the database if you allow basic HTML.
I choose not to encode on the client, preferring my model to do that function. The view should show data and nothing else, methinks.
So on the way to the view, in your model, decode/encode at that point.
The poster Griegs is correct. In ASP.NET MVC 1.0 the Html.TextBox helper sanitizes input for you.
You might also want to know about the new HTML encoding block syntax in the next version of ASP.NET - you can read about it here:
ASP.NET 4.0 HTML BLock encoding syntax
Try this:
<%= Html.TextBox("name", Html.Encode(var_value), new { @class = "css-class" }) %>
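The answers above all say the helper HTML-encodes the value for you. The following console program is an added example, not code from any poster or from ASP.NET MVC itself; it shows what that encoding does to a value that would otherwise close the attribute, and what happens when a value that is already encoded is encoded a second time, as in the Html.Encode(var_value) call in the last answer. It uses System.Web.HttpUtility.HtmlEncode, the encoder that ships with ASP.NET; RawTextBox and EncodedTextBox are hypothetical helpers standing in for the markup Html.TextBox emits, and the input string is constructed for the demonstration.

```csharp
using System;
using System.Web; // HttpUtility lives in System.Web.dll; on .NET Core / .NET 5+ substitute System.Net.WebUtility

static class TextBoxEncodingDemo
{
    // Hypothetical helper: the value is dropped into the attribute untouched (what not to do).
    public static string RawTextBox(string name, string value)
    {
        return "<input type=\"text\" name=\"" + name + "\" value=\"" + value + "\" />";
    }

    // Hypothetical helper mirroring what the answers say Html.TextBox does: the value is
    // HTML-encoded, so quotes and angle brackets become entities and can neither close
    // the attribute nor open a tag.
    public static string EncodedTextBox(string name, string value)
    {
        return "<input type=\"text\" name=\"" + name + "\" value=\"" + HttpUtility.HtmlEncode(value) + "\" />";
    }

    static void Main()
    {
        // Constructed sample input: a value that would end the attribute and start a script tag.
        string untrusted = "\"><script>alert(1)</script>";

        Console.WriteLine("raw:     " + RawTextBox("Name", untrusted));
        Console.WriteLine("encoded: " + EncodedTextBox("Name", untrusted));

        // Encoding a value before handing it to a helper that encodes it again yields
        // entities of entities (for example &amp;lt;), which the browser renders as the
        // literal text "&lt;" instead of "<".
        string preEncoded = HttpUtility.HtmlEncode("Tom & Jerry <3");
        Console.WriteLine("twice:   " + EncodedTextBox("Name", preEncoded));
    }
}
```

In the encoded line the double quote comes out as &quot; and the angle brackets as &lt; and &gt;, so the browser treats the whole string as the text box's value rather than as markup. The third line is the check to keep in mind when layering Html.Encode on top of a helper that already encodes: the page stays safe, but the user sees entity names in the box instead of the original characters.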