This documentation is archived and is not being maintained.

HttpResponse.Write Method (String)

.NET Framework 1.1

Writes a string to an HTTP output content stream.

[Visual Basic]
Overloads Public Sub Write( _
   ByVal s As String _
)
[C#]
public void Write(
 string s
);
[C++]
public: void Write(
 String* s
);
[JScript]
public function Write(
   s : String
);

Parameters

s
The string to write to the HTTP output stream.

Remarks

Dynamically generated HTML pages can introduce security risks if input received from Web clients is not validated either when it is received from a client or when it is transmitted back to a client. Malicious script that is embedded in input submitted to a Web site and later written back out to a client can appear to be originating from a trusted source. This vulnerability is referred to as a cross-site scripting attack. You should always validate data that is received from a client when it will be transmitted from your site to client browsers.

Moreover, whenever you write out as HTML any data that was received as input, you should encode it using a technique such as HtmlEncode or UrlEncode to prevent malicious script from executing. This technique is useful for data that was not validated when it was received.

When you encode or filter data, you must specify a character set for your Web pages so that your filter can identify and remove any byte sequences that do not belong to that set (such as nonalphanumeric sequences) and could potentially have malicious script embedded in them.

For more information about cross-site scripting attacks, see MSDN article Q252985 at http://msdn.microsoft.com.

Requirements

Platforms: Windows 2000, Windows XP Professional, Windows Server 2003 family

See Also

HttpResponse Class | HttpResponse Members | System.Web Namespace | HttpResponse.Write Overload List

Show: