Adrian Grigore

Reputation: 33318

What does the new <%: %> encoding syntax in Visual Studio 2010 do?

Scott Hanselman's latest blog entry about the new VS 2010 features mentions "the new <%: %> encoding syntax". What does it do? Searching for these tags with Google doesn't seem to be possible...

Thanks,

Adrian

Upvotes: 6

Views: 232

Answers (5)

AJM

Reputation: 32500

Its purpose is to help prevent XSS attacks by encoding the HTML.

Upvotes: 0

Sam Holder

Reputation: 32954

I think it ensures that the text contained inside is sanitized, so that JavaScript can't be injected into the page.

so if you have

userdata = alert ("textstring")

<%= userdata %>

will show a message box on the page

<%: userdata %>

will show the text 'alert ("textstring")'

Upvotes: 1

Prutswonder

Reputation: 10084

Actually, this Google search led me to this explanation by Scott Guthrie.

Upvotes: 1

alastairs

Reputation: 6805

It outputs HTML with the entities encoded. It's short-hand for

<%= HttpUtility.HtmlEncode("Some string") %>

Furthermore, it can be extended to do extra cool stuff, like protecting the output against XSS, as Phil Haack demonstrated.

Phil Haack, Scott Guthrie and Scott Hanselman have blogged extensively about new and improved features in .NET 4.

Upvotes: 8
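An added example, not from any of the answers above, showing what `<%: %>` expands to in ASP.NET 4 and the encoder hook alastairs refers to. It assumes .NET Framework 4 with a reference to System.Web.dll; the input string, the class names and the "also encode slashes" policy are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Web;
using System.Web.Util;

// Illustration only: mirrors what the ASP.NET 4 page compiler emits for the
// two code-nugget forms so the difference can be run from a console app.
static class Nuggets
{
    // <%: expr %> compiles to a call to HttpUtility.HtmlEncode(object):
    // strings get <, >, &, " and ' turned into entities; a value implementing
    // IHtmlString (e.g. HtmlString) is written through unencoded.
    public static string Colon(object expr)
    {
        return HttpUtility.HtmlEncode(expr);
    }

    // <%= expr %> writes the value as-is; the browser parses any markup in it.
    public static string Equals(object expr)
    {
        return Convert.ToString(expr);
    }

    public static void Main()
    {
        // Constructed untrusted input, as it might arrive from a form field.
        string userInput = "<script>alert(\"xss\")</script> Tom & Jerry";

        Console.WriteLine(Equals(userInput)); // raw markup, script would execute
        Console.WriteLine(Colon(userInput));  // entity-encoded, rendered as text

        // Markup the application built (and already encoded) must not be
        // encoded twice; wrapping it in HtmlString makes <%: %> pass it through.
        IHtmlString trusted = new HtmlString("<b>" + HttpUtility.HtmlEncode(userInput) + "</b>");
        Console.WriteLine(Colon(trusted));    // <b>...</b> kept, inner text encoded
    }
}

// The extension point: ASP.NET 4 routes <%: %> and HttpUtility.HtmlEncode through
// a replaceable HttpEncoder. This hypothetical encoder is only used once registered in
// web.config: <httpRuntime encoderType="StrictEncoder, MyAssembly" />
public class StrictEncoder : HttpEncoder
{
    protected internal override void HtmlEncode(string value, TextWriter output)
    {
        // Assumed policy: apply the default encoding, then also encode '/',
        // which the stock encoder leaves untouched.
        var buffer = new StringWriter();
        base.HtmlEncode(value, buffer);
        output.Write(buffer.ToString().Replace("/", "&#47;"));
    }
}
```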

LukeH

Reputation: 269658

It will automatically HTML-encode the enclosed expression.

So...

<%: yourString %>

... is equivalent to ...

<%= HttpUtility.HtmlEncode(yourString) %>

See the following MSDN link for more info:

Upvotes: 4
