diff --git a/aspnet/mvc/overview/getting-started/introduction/adding-a-controller.md b/aspnet/mvc/overview/getting-started/introduction/adding-a-controller.md index 5fce2b5112..0c05f147dd 100644 --- a/aspnet/mvc/overview/getting-started/introduction/adding-a-controller.md +++ b/aspnet/mvc/overview/getting-started/introduction/adding-a-controller.md @@ -77,7 +77,7 @@ Let's modify the example slightly so that you can pass some parameter informatio [!code-csharp[Main](adding-a-controller/samples/sample3.cs)] > [!NOTE] -> Security Note: The code above uses [HttpServerUtility.HtmlEncode](https://msdn.microsoft.com/en-us/library/w3te6wfz.aspx) to protect the application from malicious input (namely JavaScript). For more information see [How to: Protect Against Script Exploits in a Web Application by Applying HTML Encoding to Strings](https://msdn.microsoft.com/en-us/library/a2a4yykt(v=vs.100).aspx). +> Security Note: The code above uses [HttpUtility.HtmlEncode](https://msdn.microsoft.com/en-us/library/ee360286(v=vs.110).aspx) to protect the application from malicious input (namely JavaScript). For more information see [How to: Protect Against Script Exploits in a Web Application by Applying HTML Encoding to Strings](https://msdn.microsoft.com/en-us/library/a2a4yykt(v=vs.100).aspx). Run your application and browse to the example URL (`http://localhost:xxxx/HelloWorld/Welcome?name=Scott&numtimes=4`). You can try different values for `name` and `numtimes` in the URL. The [ASP.NET MVC model binding system](http://odetocode.com/Blogs/scott/archive/2009/04/27/6-tips-for-asp-net-mvc-model-binding.aspx) automatically maps the named parameters from the query string in the address bar to parameters in your method. @@ -90,7 +90,7 @@ Replace the Welcome method with the following code: [!code-csharp[Main](adding-a-controller/samples/sample4.cs)] -Run the application and enter the following URL: `http://localhost:xxx/HelloWorld/Welcome/3?name=Rick` +Run the application and enter the following URL: `http://localhost:xxx/HelloWorld/Welcome/1?name=Scott` ![](adding-a-controller/_static/image8.png)