How to Html.Encode in webforms

asp.net security webforms html-encode
Mr Cricket picture Mr Cricket · Oct 25, 2010 · Viewed 13.1k times · Source

I have an ASP.NET Web Forms application. There is a page with TextBoxes and users enter search terms into these which are used to query the database.

I know that I need to prevent JavaScript injection attacks. How do I do this?

In MVC I would use Html.Encode. It doesn't seem to be recognized in Web Forms.

Thanks!

Answer

Badaro picture Badaro · Oct 25, 2010

You can use HttpUtility.HtmlEncode

Related questions

What are all the user accounts for IIS/ASP.NET and how do they differ?

Under Windows Server 2008 with ASP.NET 4.0 installed there is a whole slew of related user accounts, and I can't understand which one is which, how to they differ, and which one is REALLY the one that my app runs under. …

Read More
X-Frame-Options Allow-From multiple domains

I have an ASP.NET 4.0 IIS7.5 site which I need secured using the X-Frame-Options header. I also need to enable my site pages to be iframed from my same domain as well as from my facebook app. Currently I have …

Read More
ASP.NET Identity's default Password Hasher - How does it work and is it secure?

I am wondering wether the Password Hasher that is default implemented in the UserManager that comes with MVC 5 and ASP.NET Identity Framework, is secure enough? And if so, if you could explain to me how it works? IPasswordHasher interface …

Read More