Safely Displaying Html Formatted User Content

Html escaping in ASP.NET MVC is a great way to prevent Cross-Site Scripting (XSS) attacks on your application.  The only problem I found was that sometimes an application needs to display formatted text and using the “Html.Encode(content)” will remove all formatting (as it is expected to). So I have written a little extension method that … Continue reading Safely Displaying Html Formatted User Content

Advertisements