Answer: To avoid XSS vulnerabilities, use the '<%: %>' syntax in ASP.NET MVC instead of the '<%= %>' syntax in .NET Framework 4.0.
This is because '<%: %>' HTML-encodes the output.
Example:
<input type="text" value="<%: value%>" />
Asked In: Many Interviews
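The difference between the two forms, shown as an added example that is not part of the original answer. It assumes a stand-alone .aspx page in an ASP.NET 4.0 application; the `value` and `trusted` fields are constructed sample data.

```aspx
<%@ Page Language="C#" %>
<script runat="server">
    // Constructed sample: stands in for untrusted input (query string, form field, database value).
    protected string value = "\"><b>injected</b>";

    // Constructed sample: markup the application built itself and wrapped as already-encoded HTML.
    protected IHtmlString trusted = new HtmlString("<em>site notice</em>");
</script>
<html>
<body>
    <%-- Before: the "=" form writes the string unchanged, so its quote ends the
         value attribute and the b element becomes live markup in the page. --%>
    <input type="text" value="<%= value %>" />

    <%-- After: the ":" form HTML-encodes the string first, so the quote and angle
         brackets are emitted as entities and stay inside the attribute value. --%>
    <input type="text" value="<%: value %>" />

    <%-- Same result with the "=" form and an explicit encoding call. --%>
    <input type="text" value="<%= Server.HtmlEncode(value) %>" />

    <%-- Caveat: the ":" form does not encode IHtmlString values again. Only wrap
         markup the application produced itself, never untrusted input. --%>
    <p><%: trusted %></p>
</body>
</html>
```

Viewing the page source in a browser shows the first input broken open by the sample value while the second and third keep it inside the attribute.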