Chapter 13. What's New in ASP.NET MVC 2
ASP.NET MVC 2 builds on ASP.NET MVC 1.0, introducing productivity-oriented enhancements and features throughout the Framework. Although we've touched on them throughout the book, this chapter will summarize them for those of you who have used ASP.NET MVC 1.0 and want a recap on what's changed.
There's a white paper on the ASP.NET website that overviews the changes (www.asp.net/learn/whitepapers/what-is-new-in-aspnet-mvc/). We're going to focus on some of the standout features you'll really want to know about.
SECURITY
ASP.NET MVC 2 has several enhancements which help you to write secure web applications. We've talked about them in Chapter 9, but look at two in a bit more detail here: HTML Encoding Code Blocks and JsonResult.
HTML Encoding Code Blocks
HTML Encoding Code Blocks are actually a feature of ASP.NET 4, but they're so useful in ASP.NET MVC 2 that it's worth calling them out. This syntax is shorthand for Html.Encode (well, actually the HttpUtility.Encode that powers Html.Encode).
Instead of this:
<%= Html.Encode(Model.PotentialEvil) %>
Code snippet 13-1.txtYou can now type this:
<%: Model.PotentialEvil %>
Code snippet 13-2.txtWe hope that we convinced you of the importance of always HTML-encoding any external data you display during the discussion on XSS in Chapter 9. With this new HTML Encoding Code Block syntax, there's just no excuse for writing out un-encoded content — it doesn't require a single additional character of code!
There are ...
Get Professional ASP.NET MVC 2 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
