Every time a user posts something containing < or > in a page in my web application, I get this exception thrown.
I don't want to go
Please bear in mind that some .NET controls will automatically HTML encode the output. For instance, setting the .Text property on a TextBox control will automatically encode it. That specifically means converting < into &lt;, > into &gt; and & into &amp;. So be wary of doing this...
myTextBox.Text = Server.HtmlEncode(myStringFromDatabase); // Pseudo code: TextBox encodes on render, so this double-encodes
However, the .Text property for HyperLink, Literal and Label won't HTML encode things, so wrapping Server.HtmlEncode(); around anything being set on these properties is a must if you want to prevent from being output into your page and subsequently executed.
Do a little experimenting to see what gets encoded and what doesn't.
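As an added example (not code from the original answer), a hypothetical Web Forms code-behind that applies the advice above; the control IDs, the class name and the sample string are assumptions:

```csharp
using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

// Hypothetical code-behind for a page whose markup declares three controls:
//   <asp:TextBox ID="commentBox" runat="server" />
//   <asp:Literal ID="commentPreview" runat="server" />
//   <asp:Label ID="statusLabel" runat="server" />
public partial class CommentPage : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Constructed sample: a stored comment containing markup characters.
        string fromDatabase = "5 < 6 && 7 > 3 <b>bold?</b>";

        // TextBox.Text is encoded by the control when it renders, so assign the raw value.
        // Encoding it here as well would show "&lt;" literally to the user (double encoding).
        commentBox.Text = fromDatabase;

        // Literal and Label render .Text verbatim, so encode before assigning;
        // otherwise the <b> above (or a script tag) becomes live markup in the page.
        commentPreview.Text = HttpUtility.HtmlEncode(fromDatabase);
        statusLabel.Text = Server.HtmlEncode(fromDatabase);
    }
}
```

Server.HtmlEncode and HttpUtility.HtmlEncode produce the same output; the first is just the Page-level convenience wrapper.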