I stumbled upon Microsoft ASP.NET's WingTipToy project where the line of code uses <%#: instead of <%#
What's the real main difference here?
By adding the (:) to the end of the <%# prefix, the result of the data-binding expression is HTML-encoded. When the result is HTML-encoded, your application is better protected against cross-site script injection (XSS) and HTML injection attacks
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.