what does " <%: " do?

Asked Sep 30 '12 at 15:19

Active Sep 30 '12 at 15:32

Viewed 913 times

7

I have seen the following tag as an answer to a question:

<%: Model.FirstName %>

what does " <%: " do?

edited Sep 30 '12 at 15:32

The Unfun Cat

29,987
31
114
156

asked Sep 30 '12 at 15:19

ravisilva

259
3
10

2 Answers2

6

It html encodes the output of Firstname, this prevents encoding attacks like cross-side scripting (XSS).

Html encoded:

<%: Model.FirstName %>

Normal output:

<%= Model.FirstName %>

More info can by found at this blog post:

New <%: %> Syntax for HTML Encoding Output in ASP.NET 4 (and ASP.NET MVC 2)

answered Sep 30 '12 at 15:21

Erwin

4,757
3
31
41

2

There is some useful information for this: http://weblogs.asp.net/scottgu/archive/2010/04/06/new-lt-gt-syntax-for-html-encoding-output-in-asp-net-4-and-asp-net-mvc-2.aspx

answered Sep 30 '12 at 15:23

Akan Murat Cimen

160
1
11