say I have a textBox and a property to get and set its value:

Question

0

Asked: May 18, 20262026-05-18T07:23:05+00:00 2026-05-18T07:23:05+00:00

say I have a textBox and a property to get and set its value:

0

say I have a textBox and a property to get and set its value:

public SomeText
{
   get { return HttpUtility.HtmlEncode(textBox.Text); }
   set { textBox.Text = HttpUtility.HtmlEncode(value); }
}

I have used HtmlEncode to prevent Javascript injection attacks. After thinking about it though I’m thinking I only need the HtmlEncode on the getter. The setter is only used by the system and can not be accessed by an external user.

Is this correct?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-18T07:23:06+00:00

Editorial Team

2026-05-18T07:23:06+00:00Added an answer on May 18, 2026 at 7:23 am

Yes. You only need to encode strings that you have accepted from the users and you have to show inside your pages.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

say I have a textBox and a property to get and set its value:

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply