Safely Displaying Html Formatted User Content

Html escaping in ASP.NET MVC is a great way to prevent Cross-Site Scripting (XSS) attacks on your application.  The only problem I found was that sometimes an application needs to display formatted text and using the “Html.Encode(content)” will remove all formatting (as it is expected to). So I have written a little extension method that … Continue reading Safely Displaying Html Formatted User Content


Shortening Open Id & MVC

I’ve been working on a project that uses Open Id as the authentication method for public users.  I decided to use the DotNetOpenAuth provider to handle a lot of the grunt work for authentication.  The provider does a lot to simplify the process, but I wanted to make it shorter so I wrote a wrapper … Continue reading Shortening Open Id & MVC