You are developing an ASP.NET MVC 2 application.
A view contains a form that allows users to submit their first name.
You need to display the value that is submitted, and you must ensure that your code avoids cross-site scripting. Which code segment should you use?
A. <%: Model.FirstName %>
B. <%= Model.FirstName %>
C. <% Response.Write(Model.FirstName) %>
D. <% Response.Write(HttpUtility.HtmlDecode(Model.FirstName)) %>
Correct Answer: A
Explanation/Reference:
The new <%: %> syntax provides a concise way to automatically HTML encode content and then render it as output.
It allows you to make your code a little less verbose, and to easily check/verify that you are always HTML encoding content throughout your site. This can help protect your applications against cross-site script injection (XSS) and HTML injection attacks.