<div>
Is there any way you could give me a tiny example of bad HTML that gets &quot;fixed&quot; by some encoder? &nbsp;I don't yet understand what an eval() method would look for or change to solve the problem.
</div>


Is there any way you could give me a tiny example of bad HTML that gets "fixed" by some encoder?  I don't yet understand what an eval() method would look for or change to solve the problem.

<div>
<div class="content wysiwyg-content">
In the Nerd Dinner Chapter 1 I read &quot;You should be careful to always HTML-encode any user-entered values to avoid HTML and JavaScript injection attacks&quot;<br />
<br />
Please explain how HTML encoding works and what tools are avilable. &nbsp;Also, a simple example of what an HTML or JavaScript injection attack would be great.<br />
<br />
Thanks,<br />
newbieweb
</div>
</div>


In the Nerd Dinner Chapter 1 I read "You should be careful to always HTML-encode any user-entered values to avoid HTML and JavaScript injection attacks"

Please explain how HTML encoding works and what tools are avilable.  Also, a simple example of what an HTML or JavaScript injection attack would be great.

Thanks,
newbieweb

HTML encoding with MVC2?

The successor to Active Server Pages, ASP.NET websites utilize the .NET framework to produce dynamic, data and content-driven web applications and services. ASP.NET code can be written using any .NET supported language. As of 2009, ASP.NET can also apply the Model-View-Controller (MVC) pattern to web applications

ASP.NET

The .NET Framework is not specific to any one programming language; rather, it includes a library of functions that allows developers to rapidly build applications. Several supported languages include C#, VB.NET, C++ or ASP.NET.

.NET Programming

HTML (HyperText Markup Language) is the main markup language for creating web pages and other information to be displayed in a web browser, providing both the structure and content for what is sent from a web server through the use of tags. The current implementation of the HTML specification is HTML5.