I have seen the following tag as an answer to a question:
<%: Model.FirstName %>
what does " <%: " do?
It html encodes the output of Firstname, this prevents encoding attacks like cross-side scripting (XSS).
Html encoded:
Normal output:
<%= Model.FirstName %>
More info can by found at this blog post:
New <%: %> Syntax for HTML Encoding Output in ASP.NET 4 (and ASP.NET MVC 2)
1.4m articles
1.4m replys
5 comments
57.0k users