From f6f3c0290e8ca15a3cf53fadaeb42ff224f95fd3 Mon Sep 17 00:00:00 2001 From: Rajan Chauhan <33890781+rajan-carwale@users.noreply.github.com> Date: Tue, 28 Nov 2017 05:41:29 +0530 Subject: [PATCH] Corrected the example and a typo (#4863) 1. Corrected the contradicting example of HttpUtility while Security Note was telling about HttpServerUtility use 2. Corrected example of url string the purposed url didn't matched with the result image previously. --- .../getting-started/introduction/adding-a-controller.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aspnet/mvc/overview/getting-started/introduction/adding-a-controller.md b/aspnet/mvc/overview/getting-started/introduction/adding-a-controller.md index 5fce2b5112..0c05f147dd 100644 --- a/aspnet/mvc/overview/getting-started/introduction/adding-a-controller.md +++ b/aspnet/mvc/overview/getting-started/introduction/adding-a-controller.md @@ -77,7 +77,7 @@ Let's modify the example slightly so that you can pass some parameter informatio [!code-csharp[Main](adding-a-controller/samples/sample3.cs)] > [!NOTE] -> Security Note: The code above uses [HttpServerUtility.HtmlEncode](https://msdn.microsoft.com/en-us/library/w3te6wfz.aspx) to protect the application from malicious input (namely JavaScript). For more information see [How to: Protect Against Script Exploits in a Web Application by Applying HTML Encoding to Strings](https://msdn.microsoft.com/en-us/library/a2a4yykt(v=vs.100).aspx). +> Security Note: The code above uses [HttpUtility.HtmlEncode](https://msdn.microsoft.com/en-us/library/ee360286(v=vs.110).aspx) to protect the application from malicious input (namely JavaScript). For more information see [How to: Protect Against Script Exploits in a Web Application by Applying HTML Encoding to Strings](https://msdn.microsoft.com/en-us/library/a2a4yykt(v=vs.100).aspx). Run your application and browse to the example URL (`http://localhost:xxxx/HelloWorld/Welcome?name=Scott&numtimes=4`). You can try different values for `name` and `numtimes` in the URL. The [ASP.NET MVC model binding system](http://odetocode.com/Blogs/scott/archive/2009/04/27/6-tips-for-asp-net-mvc-model-binding.aspx) automatically maps the named parameters from the query string in the address bar to parameters in your method. @@ -90,7 +90,7 @@ Replace the Welcome method with the following code: [!code-csharp[Main](adding-a-controller/samples/sample4.cs)] -Run the application and enter the following URL: `http://localhost:xxx/HelloWorld/Welcome/3?name=Rick` +Run the application and enter the following URL: `http://localhost:xxx/HelloWorld/Welcome/1?name=Scott` ![](adding-a-controller/_static/image8.png)