I’m building a website at the moment, I’ve some html fragment that is being

Question

0

Asked: May 14, 20262026-05-14T15:18:14+00:00 2026-05-14T15:18:14+00:00

I’m building a website at the moment, I’ve some html fragment that is being

0

I’m building a website at the moment, I’ve some html fragment that is being stored into the database, I’ve been reading around that inserting HTML at runtime poses security risks by using the InnerHTML property of any html tag with runat server on it.

So, my question is there any alternative way to safely display the html code and won’t pose security risks and is it best to assume any textboxes on any given page is dangerous and process the text in the textboxes with Server.HtmlEncode before I store it to database?

Cheers

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-14T15:18:15+00:00

Editorial Team

2026-05-14T15:18:15+00:00Added an answer on May 14, 2026 at 3:18 pm

You should always HtmlEncode any user generated data before you display it (to avoid XSS attacks).

In asp.net 4.0 they have a new server side output tag to automatically encode data:

<%: "text to encode"%>

This is instead of:

<%= "text that will not be encoded"%>

Which is still around for backwards compatibility.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m building a website at the moment, I’ve some html fragment that is being

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply