daohualiuxiang
/
AspNetCore.Docs
mirror of https://github.com/dotnet/AspNetCore.Docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Corrected the example and a typo (#4863) 

1. Corrected the contradicting example of HttpUtility while Security Note was telling about HttpServerUtility use
2. Corrected example of url string the purposed url didn't matched with the result image previously.
pull/4874/head
Rajan Chauhan 2017-11-28 05:41:29 +05:30 committed by Rick Anderson
parent e081f81ae8
commit f6f3c0290e
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
aspnet/mvc/overview/getting-started/introduction/adding-a-controller.md
View File

@ -77,7 +77,7 @@ Let's modify the example slightly so that you can pass some parameter informatio
[!code-csharp[Main](adding-a-controller/samples/sample3.cs)] [!code-csharp[Main](adding-a-controller/samples/sample3.cs)]
> [!NOTE] > [!NOTE]
> Security Note: The code above uses [HttpServerUtility.HtmlEncode](https://msdn.microsoft.com/en-us/library/w3te6wfz.aspx) to protect the application from malicious input (namely JavaScript). For more information see [How to: Protect Against Script Exploits in a Web Application by Applying HTML Encoding to Strings](https://msdn.microsoft.com/en-us/library/a2a4yykt(v=vs.100).aspx). > Security Note: The code above uses [HttpUtility.HtmlEncode](https://msdn.microsoft.com/en-us/library/ee360286(v=vs.110).aspx) to protect the application from malicious input (namely JavaScript). For more information see [How to: Protect Against Script Exploits in a Web Application by Applying HTML Encoding to Strings](https://msdn.microsoft.com/en-us/library/a2a4yykt(v=vs.100).aspx).
Run your application and browse to the example URL (`http://localhost:xxxx/HelloWorld/Welcome?name=Scott&numtimes=4`). You can try different values for `name` and `numtimes` in the URL. The [ASP.NET MVC model binding system](http://odetocode.com/Blogs/scott/archive/2009/04/27/6-tips-for-asp-net-mvc-model-binding.aspx) automatically maps the named parameters from the query string in the address bar to parameters in your method. Run your application and browse to the example URL (`http://localhost:xxxx/HelloWorld/Welcome?name=Scott&numtimes=4`). You can try different values for `name` and `numtimes` in the URL. The [ASP.NET MVC model binding system](http://odetocode.com/Blogs/scott/archive/2009/04/27/6-tips-for-asp-net-mvc-model-binding.aspx) automatically maps the named parameters from the query string in the address bar to parameters in your method.
@ -90,7 +90,7 @@ Replace the Welcome method with the following code:
[!code-csharp[Main](adding-a-controller/samples/sample4.cs)] [!code-csharp[Main](adding-a-controller/samples/sample4.cs)]
Run the application and enter the following URL: `http://localhost:xxx/HelloWorld/Welcome/3?name=Rick` Run the application and enter the following URL: `http://localhost:xxx/HelloWorld/Welcome/1?name=Scott`
![](adding-a-controller/_static/image8.png) ![](adding-a-controller/_static/image8.png)