[-] View is responsible for take data from controller and produce HTML
[-] Five Ways to Add Dynamic Content to a View: Inline code, HTML helpers, Server controls, Partial views, Child actions
[-] Keep view as simple as possible to reduce incline code
[-] HTML-Encode user input. HTML Encode means replacing each special character in the text (e.g., <) with its HTML entity equivalent (e.g., & l t ; ), which means it translate the original test into a HTML-Encoded format so that browser will display the original text, rather than render then into HTML elements.
[-] Use syntax on .Net 4 render value to HTML, framework will encode HTML for you if necessary.
Advertisement
