Rutu

Reputation: 155

Plain html5 vs MVC razor security

I am not sure which one is more secure: plain HTML5 or an MVC Razor view. I guess perhaps it is the MVC Razor view, as it encodes the string. Please suggest which is the better way.

Upvotes: 0

Views: 410

Answers (1)

Vova Bilyachat

Reputation: 19474

What do you mean by security? Razor is an engine which transforms a "template" into HTML. So that means if you print something in a Razor template, you will have it in the HTML output.

Well, if we talk about cross-site scripting, first of all it depends on how you do stuff in your application. But by default Razor has fixed that. So let's say you want to print a variable which contains HTML: it will escape that, but if you are sure that you want to print it raw, you must use a helper for that.

@{
    var html = "<script>alert(1)</script>";
}

@html @* it will print &quot;&lt;script&gt;alert(1)&lt;/script&gt;&quot; *@
@Html.Raw(html) @* will print what you want *@

So generally I would say that Razor "is a bit more secure" than plain HTML. So it's not security, it's just one more layer.

Upvotes: 1
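
An added example, not part of the original answer: a simplified C# model of the behaviour the answer describes, where a view's output path HTML-encodes every value unless it has been explicitly wrapped as raw markup. `RawMarkup`, `MiniView` and the sample comment are hypothetical names and constructed data, and `WebUtility.HtmlEncode` stands in here for Razor's own encoder.

```csharp
using System;
using System.Net;
using System.Text;

// Stand-in for the wrapper Html.Raw returns: marks a string as trusted markup.
sealed class RawMarkup
{
    public RawMarkup(string value) { Value = value; }
    public string Value { get; }
}

static class MiniView
{
    // Models what "@expr" does: encode everything except explicitly raw values.
    public static void Write(StringBuilder output, object value)
    {
        if (value is RawMarkup raw)
            output.Append(raw.Value);                                       // like @Html.Raw(x)
        else
            output.Append(WebUtility.HtmlEncode(Convert.ToString(value)));  // like @x
    }

    // Renders one comment paragraph, either through the default path or as raw markup.
    public static string Render(string userComment, bool trustAsHtml)
    {
        var output = new StringBuilder("<p class=\"comment\">");
        Write(output, trustAsHtml ? new RawMarkup(userComment) : (object)userComment);
        return output.Append("</p>").ToString();
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample input, standing in for text a user submitted.
        string comment = "<script>alert(1)</script>";

        string encoded = MiniView.Render(comment, trustAsHtml: false);
        string raw = MiniView.Render(comment, trustAsHtml: true);

        Console.WriteLine("default: " + encoded);
        Console.WriteLine("raw:     " + raw);

        // Review check: did the value reach the page as live markup?
        Console.WriteLine("default contains <script>: " + encoded.Contains("<script>"));
        Console.WriteLine("raw contains <script>:     " + raw.Contains("<script>"));
    }
}
```

When reviewing a Razor code base, each `Html.Raw` call is the place to confirm that the value being written can never contain user-controlled input.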
