You’ve probably heard about cross-site scripting (XSS) exploits that hackers have been using to take control of computers for some time now, and how they work is this:
ASP.NET 2 helps you solve that problem in a very simple way.
Many common controls used for displaying output to the user, such as the Literal control and the Label control, now have a “Mode” attribute. Setting this attribute to “Encode” ensures that any HTML characters found inside the Text attribute (such as ‘<’ and ‘>’) that would, if displayed normally, cause the browser to take some action, such as running a script, are output as their percentage character code (an example is %20 for space, often used in filenames in HTML). This ensures that script, if entered, will not be run as such.
Not all controls provide this functionality, though, so there is another option. ASP.NET 2.0 provides an HttpUtility class, and one of its methods is the HtmlEncode method, which, as above, renders the provided text safe for display.
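Both options side by side, as an added example that is not code from the original post. It assumes a code-behind class for an otherwise empty .aspx page; the names CommentPage and the sample comment string are hypothetical, and a TableCell stands in for a control without a Mode property.

```csharp
// Added example, not code from the original post.
// Hypothetical names: CommentPage and the constructed sample comment.
using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public class CommentPage : Page
{
    protected override void OnLoad(EventArgs e)
    {
        base.OnLoad(e);

        // Constructed sample of untrusted text, standing in for a form field,
        // query-string value or database column that a user controls.
        string comment = "<script>alert(1)</script>";

        // Weak setting: a Literal's default Mode (Transform) leaves markup in
        // Text intact, so the browser would treat the text as script.
        Literal raw = new Literal();
        raw.Text = comment;
        // Controls.Add(raw);   // deliberately not added to the page

        // Option 1: the control has a Mode property, so let it encode on render.
        Literal encoded = new Literal();
        encoded.Mode = LiteralMode.Encode;
        encoded.Text = comment;
        Controls.Add(encoded);

        // Option 2: the control has no Mode property, so encode the value
        // yourself before assigning it.
        TableCell cell = new TableCell();
        cell.Text = HttpUtility.HtmlEncode(comment);

        TableRow row = new TableRow();
        row.Cells.Add(cell);
        Table table = new Table();
        table.Rows.Add(row);
        Controls.Add(table);
    }
}
```

With either option the page shows the comment as visible text instead of executing it.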
A lot of big sites have been caught by XSS errors, and they can creep in very easily. These are simple ways to minimize the risk with very little extra work.