ASP.NET MVC: Preventing JavaScript Injection Attacks

There are two ways to do this, both based on HTML-encoding user-supplied values:
1) HTML-encode in the view
2) HTML-encode in the controller

 

Approach #1: HTML Encode in the View

 


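	@* Razor HTML-encodes every @ expression, so this writes Model.Value encoded once. *@
	@Model.Value
	@* In an .aspx (Web Forms) view: <%= Html.Encode(Model.Value) %> *@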


Approach #2: HTML Encode in the Controller (code-behind)


	public ActionResult Create(string value)
	{
	    var newModel = new Model();
	    // HTML-encode the submitted value before saving, so the database holds the encoded text.
	    newModel.Value = Server.HtmlEncode(value);
	    db.Model.InsertOnSubmit(newModel);
	    db.SubmitChanges();
	    return RedirectToAction("Index");
	}
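
The following console program is an added example, not code from the original page. It shows what reaches the browser for each combination of the two approaches. The class and method names are hypothetical, the input is constructed, and `System.Net.WebUtility.HtmlEncode` stands in for `Html.Encode` / `Server.HtmlEncode` so it runs outside a web project.

```csharp
using System;
using System.Net;

// Added example: compares the markup produced by each encoding approach.
static class EncodingDemo
{
    // Approach #2: encode once in the controller, before the value is stored.
    static string StoreEncoded(string input) => WebUtility.HtmlEncode(input);

    // Stand-in for a view that encodes on output (Approach #1).
    static string RenderEncoded(string stored) => WebUtility.HtmlEncode(stored);

    // Stand-in for a view that writes the stored value unchanged.
    static string RenderRaw(string stored) => stored;

    static void Report(string label, string html)
    {
        // If the tag survives verbatim, a browser would parse it as markup.
        bool active = html.IndexOf("<script", StringComparison.OrdinalIgnoreCase) >= 0;
        Console.WriteLine($"{label,-32} {(active ? "ACTIVE" : "inert"),-7} {html}");
    }

    static void Main()
    {
        // Constructed sample input, not taken from the page.
        string input = "<script>alert('hi')</script> Tom & Jerry";

        Report("raw store, raw view", RenderRaw(input));
        Report("raw store, encoding view (#1)", RenderEncoded(input));
        Report("encoded store (#2), raw view", RenderRaw(StoreEncoded(input)));
        Report("encoded store (#2) + view (#1)", RenderEncoded(StoreEncoded(input)));
    }
}
```

Only the first row leaves the tag intact. The last row is double-encoded, so the reader sees literal `&lt;script&gt;` entities instead of the original text, which is why the two approaches should not be combined on the same value.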