Hi to all,
As we know, the server.htmlencode method does HTML encoding, so what I understand is that if I have a text like <b>Test string</b>
then when I apply the server.htmlencode method on that text, the output will be:
&lt;b&gt;Test String&lt;/b&gt;
and the output after applying this method will be displayed on a Web browser as:
<b>Test string</b>
So my question: why we directly send the text <b>Test string</b> to the web browser without using the server.htmlencode method to make encoding?
So I need some clarification on that topic.
Your help is highly appreciated.
Best regards
wissam1:
why we directly send the text <b>Test string</b> to the web browser without using the server.htmlencode method to make encoding?
If you do not encode, it will behave as markup (you would see a bold string in your sample), with all security concerns eventually involved. If instead you do encode, it will render as a plain string.
That's all, I guess.
HTH. -LV
Hi
HtmlEncoding is done mostly to avoid XSS (Cross Site Scripting) attacks.
Google for more on that!
Thanks
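
The difference the replies describe, as an added example that is not part of the original thread: a page fragment built from visitor text, once concatenated raw and once passed through HTML encoding. It assumes a plain console program and uses System.Net.WebUtility.HtmlEncode as a stand-in for Server.HtmlEncode, which needs an ASP.NET request context; the class name, method names and sample inputs are constructed for illustration.

```csharp
using System;
using System.Net;

// Added example: renders a user-supplied comment into a page fragment,
// first raw and then through HTML encoding.
static class EncodeDemo
{
    // Vulnerable form: user text is concatenated into markup as-is,
    // so any tags it contains are parsed by the browser.
    static string RenderRaw(string comment) =>
        "<div class=\"comment\">" + comment + "</div>";

    // Hardened form: WebUtility.HtmlEncode replaces < > & " ' with entities,
    // so the browser displays the text instead of interpreting it as markup.
    static string RenderEncoded(string comment) =>
        "<div class=\"comment\">" + WebUtility.HtmlEncode(comment) + "</div>";

    static void Main()
    {
        // Constructed sample inputs (not taken from the thread, except the first).
        string[] samples =
        {
            "<b>Test string</b>",
            "<script>alert(1)</script>",
            "Tom & \"Jerry\" <3",
        };

        foreach (string s in samples)
        {
            Console.WriteLine("input   : " + s);
            Console.WriteLine("raw     : " + RenderRaw(s));
            Console.WriteLine("encoded : " + RenderEncoded(s));
            // Encoding is reversible: decoding returns the visitor's exact text.
            bool lossless = WebUtility.HtmlDecode(WebUtility.HtmlEncode(s)) == s;
            Console.WriteLine("lossless: " + lossless);
            Console.WriteLine();
        }
    }
}
```

In the raw fragments the visitor's tags become part of the page's markup; in the encoded fragments the only tags left are the ones the page author wrote.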