dc.
Reputation: 207
Is use of AntiXss library necessary/recommended in mvc 3 razor application
Is use of AntiXss library necessary/recommended in mvc 3 razor application? Where can I find out more about encoding options for mvc 3?
Upvotes: 4
Views: 1066
Answers (1)
Mark Keats
Reputation: 1400
Razor automatically encodes the output to prevent XSS. If you need to output HTML mark-up then you can use the @Html.Raw(myVariable) method or make sure the variables you need to not be encoded are of type HtmlString.
Upvotes: 3
Related Questions
- Microsoft AntiXSS Alternative
- ASP.Net MVC Html.Raw with AntiXSS protection
- Input sanitization with MVC Razor - how to be safe?
- Does ASP.NET MVC 4 require extra XSS handling by default
- ASP MVC 4.5 AntiXSS Library + allow HTML content
- Microsoft AntiXSS wpl using in asp.net mvc3 applicaton
- AntiXss library not working well
- Should I use the Anti-XSS Security Runtime Engine in ASP.NET MVC?
- ASP.NET MVC 2 - AntiXSS vs Built In MVC Encoding
- Suggestions for where to put AntiXSS calls in ASP.NET MVC