How to safely insert HTML text into and display it from a database

MobiLarry

New Member
I am inserting HTML into a database for the first time, so I need some advice on whether I am doing it right and safely.
I have a class with a property:
\[code\]
[AllowHtml]
public string Description { get; set; }
\[/code\]
In the View I have a TinyMCE editor (on a text area) where the user inputs his data.
When I display that HTML later I use:
\[code\]@Html.Raw(Model.Description)\[/code\]
I don't know whether I should do something else to prevent an attack on the site.
I have tried to input:
\[code\]<script>alert('attack');</script>\[/code\]
but nothing happens; it is saved in the database and displayed as normal text later.
I also wonder whether a user who leaves a tag unclosed can break my layout somehow.
What are smart steps when dealing with a scenario like this?
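
A server-side way to handle the scenario in the post above, as an added example that is not part of the original post: the editor runs in the browser and a request can be sent without it, so the HTML is cleaned against an allowlist in the controller before it is stored. It assumes the HtmlSanitizer NuGet package (namespace `Ganss.Xss`, `Ganss.XSS` in older releases); the `Article` model, `ArticleController`, `DescriptionSanitizer` and the chosen tag list are hypothetical.

```csharp
using System.Web.Mvc;
using Ganss.Xss; // HtmlSanitizer NuGet package (assumed to be installed)

public class Article // hypothetical model holding the property from the post
{
    [AllowHtml] // lets raw markup through request validation for this property only
    public string Description { get; set; }
}

public static class DescriptionSanitizer // hypothetical helper
{
    private static readonly HtmlSanitizer Sanitizer = Create();

    private static HtmlSanitizer Create()
    {
        var s = new HtmlSanitizer();

        // Start from empty sets so only what is listed here survives.
        s.AllowedTags.Clear();
        foreach (var tag in new[] { "p", "br", "strong", "em", "ul", "ol", "li", "a" })
            s.AllowedTags.Add(tag);

        s.AllowedAttributes.Clear();
        s.AllowedAttributes.Add("href");   // no style, no on* event handlers

        s.AllowedSchemes.Clear();
        s.AllowedSchemes.Add("http");      // drops javascript: and data: links
        s.AllowedSchemes.Add("https");

        s.AllowedCssProperties.Clear();
        return s;
    }

    // The input is parsed into a DOM and serialized again, so tags left
    // unclosed by the user come back balanced.
    public static string Clean(string html)
    {
        return Sanitizer.Sanitize(html ?? string.Empty);
    }
}

public class ArticleController : Controller // hypothetical controller
{
    [HttpPost]
    public ActionResult Save(Article model)
    {
        // Clean on the server before the value reaches the database.
        model.Description = DescriptionSanitizer.Clean(model.Description);
        // ... persist model with the application's own data access code ...
        return RedirectToAction("Details");
    }
}
```

With the stored value cleaned this way, the view can keep using `@Html.Raw(Model.Description)`.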