Mitigating XSS in ASP.NET 4.0 and ASP.NET MVC 3

One of the new features in .NET Framework 4.0 and later is the HTML-encoding output shortcut. Instead of using the verbose syntax listed below:

[csharp htmlscript="true"]
<div>
    <%= Server.HtmlEncode(Model.Content) %>
</div>
[/csharp]

we can simply use the new Code Nugget syntax:

[csharp htmlscript="true"]
<div>
    <%: Model.Content %>
</div>
[/csharp]

Note that this only works […]
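To see what the `<%: %>` nugget actually does to view output, the following console program (an added example, not code from the original post) calls the same `HttpUtility.HtmlEncode(object)` overload that the nugget compiles to in .NET 4.0. It assumes a reference to System.Web.dll and uses a constructed sample string standing in for untrusted `Model.Content`; the `Render` helper name is ours. It also shows the one case the nugget deliberately does not encode: a value implementing `IHtmlString` (such as `HtmlString`), which is passed through verbatim, so only markup that has already been sanitized should ever be wrapped that way.

```csharp
// Added example: emulates <div><%: Model.Content %></div> outside of a web host.
// Compile with the .NET Framework 4.x and a reference to System.Web.dll.
using System;
using System.Web;

class EncodingDemo
{
    // Equivalent of the view fragment <div><%: Model.Content %></div>:
    // HttpUtility.HtmlEncode(object) encodes plain strings but returns
    // IHtmlString instances unchanged, exactly as the code nugget does.
    public static string Render(object modelContent)
    {
        return "<div>" + HttpUtility.HtmlEncode(modelContent) + "</div>";
    }

    static void Main()
    {
        // Constructed sample of attacker-controlled content (not from the post).
        string untrusted = "<script>alert('xss')</script>";
        Console.WriteLine(Render(untrusted)); // angle brackets and quotes are entity-encoded

        // Markup that was already sanitized or encoded elsewhere is wrapped in
        // HtmlString so it is emitted as-is rather than double-encoded.
        IHtmlString trusted = new HtmlString("<b>bold</b>");
        Console.WriteLine(Render(trusted)); // emitted verbatim: the nugget trusts IHtmlString

        // Wrapping the untrusted string in HtmlString would bypass the encoding
        // entirely, so HtmlString must never be applied to raw user input.
    }
}
```

The practical check when reviewing a view is therefore twofold: every output of untrusted data uses `<%: %>` (or `Server.HtmlEncode`) rather than `<%= %>`, and no `HtmlString`/`IHtmlString` wrapper is applied to a value that has not been sanitized first.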