How do you avoid XSS vulnerabilities in ASP.Net (MVC)?

庸人自扰 2020-11-28 11:25

I recently noticed that I had a big hole in my application because I had done something like:

\" />
         


        
5 Answers
  •  死守一世寂寞
    2020-11-28 11:57

    In ASP.Net 4.0 or later, always use <%: ... %> instead of <%= ... %> ... it does the HTML encoding for you.

    Scott Gu's explanation.

    Having done that, it's fairly straightforward to grep your code for <%= regularly as a security precaution.

    Also, are you using the Microsoft Anti-XSS library?
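
The periodic grep suggested in the answer above, written as a repeatable check (an added example, not part of the original answer). It scans Web Forms view files for raw `<%=` output blocks, ignores `<%:` blocks and single-line `<%-- --%>` comments, and returns non-zero on any hit; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# scan_views DIR
#   Prints "file:line: text" for every line in *.aspx / *.ascx / *.master
#   under DIR that still contains a raw <%= ... %> output block.
#   Returns 1 if anything was found, 0 otherwise (usable as a build gate).
scan_views() {
    find "$1" -type f \( -name '*.aspx' -o -name '*.ascx' -o -name '*.master' \) \
        -exec awk '
            {
                line = $0
                gsub(/<%--.*--%>/, "", line)   # skip single-line server-side comments
                n = gsub(/<%=/, "&", line)     # count raw output blocks; <%: never matches
                if (n > 0) {
                    printf "%s:%d: %s\n", FILENAME, FNR, $0
                    hits += n
                }
            }
            END { exit (hits > 0 ? 1 : 0) }
        ' {} +
}

# make_sample
#   Builds a constructed view tree (not from the page) and prints its path:
#   Edit.aspx has one raw <%= block, Safe.ascx has only <%: and a comment.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/Views/Home" || return 1
    printf '%s\n' '<input type="text" value="<%= Model.Name %>" />' \
                  '<p><%: Model.Bio %></p>' > "$d/Views/Home/Edit.aspx"
    printf '%s\n' '<%-- <%= Model.Old %> --%>' \
                  '<span><%: Model.Title %></span>' > "$d/Views/Home/Safe.ascx"
    echo "$d"
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    scan_views "$1"
fi
```

A hit is a line to review rather than proof of a vulnerability, since some `<%=` blocks emit markup that is already encoded.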
