What does the new syntax <%:%> do in Visual Studio 2010?

Question

What does the new syntax <%:%> do in Visual Studio 2010?

Scott Hanselman’s latest blog post on VS 2010’s new features mentions “new syntax <%:%>”. What does it do? Searching for these tags with google is not possible ...

Thanks,

Adrian

+6

asp.net asp.net-mvc visual-studio-2010

Adrian grigore Apr 16 '10 at 8:44

source share

5 answers

It automatically encodes the encoded HTML expression.

So...

 <%: yourString %>

... is equivalent ...

 <%= HttpUtility.HtmlEncode(yourString) %>

See the following MSDN link for more information:

HTML encoded expressions

+4

Lukeh Apr 16 '10 at 8:48

source share

I think it ensures that the text contained inside is misinformed so that the java script cannot be injected into the page

so if you have

 userdata = alert ("textstring") <%= userdata %>

a message appears on the page

 <%: userdata %>

will display a text warning ("textstring") '

+1

Sam holder Apr 16 '10 at 8:47

source share

In fact, this Google search leads me to this explanation of Scott Guthrie .

+1

Prutswonder Apr 16 '10 at 8:49

source share

Its purpose is to help prevent XSS attacks using HTML encoding.

0

Ajm Apr 16 '10 at 8:58

source share

alastairs · Accepted Answer · 2010-04-16T08:48:10+0000

It outputs HTML with encoded objects. It is short for

 <%= HttpUtility.HtmlEncode("Some string") %>

In addition, it can be expanded to provide additional cool material, such as output protection against XSS, as Phil Haack demonstrated .

Phil Haack , Scott Guthrie, and Scott Hanselman actively talk about the new and improved features of .NET 4.

What does the new syntax <%:%> do in Visual Studio 2010?

More articles: