I am having a very annoying issue that I so far don't know how to solve. I am building a website using ASP.NET MVC and C# which shows a table to the user. The data comes from a MS SQL database and I am using MVCGrid.net to create the table. Here is an example for a column that will be shown in the table:
cols.Add("note").WithHtmlEncoding(false)
    .WithValueExpression(i => i.Notice)
    .WithValueTemplate("{Value}<button class='btn btn-primary btn-block' data-target='#note-modal' data-record-id='{Model.ShipmentID}' data-note='{Value}' data-toggle='modal'><span class='glyphicon glyphicon-pencil'></span></button>")
    .WithSorting(true)
    .WithFiltering(true);
The problem: when i.Notice contains any characters that could potentially break the HTML syntax of my website, I do not know any way to prevent that from happening. I tried to use WebUtility.HtmlDecode(), but that did not fix the problem. How can I make sure that no HTML injection or anything of that type happens on my website?
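An added example (not the asker's code and not MVCGrid.net's own) of the usual fix for this pattern: leave WithHtmlEncoding(false) so the button markup is emitted raw, but HTML-encode the user-controlled value inside the value expression, so what is substituted for {Value} is inert both as element text and inside the single-quoted data-note attribute. It assumes the same cols builder and Shipment model as the question, and the surrounding MVCGridBuilder/AddColumns wrapping follows MVCGrid.net's documented usage.

```csharp
using System.Net;
using MVCGrid.Models;

public static class GridCellEncoding
{
    // WebUtility.HtmlEncode turns < > & " and ' into entities, so the note
    // can neither close the data-note='...' attribute nor start a new tag.
    // A null note is rendered as an empty string rather than throwing.
    public static string ForTemplate(string raw)
    {
        return WebUtility.HtmlEncode(raw ?? string.Empty);
    }
}

public static class ShipmentGridConfig
{
    public static MVCGridBuilder<Shipment> Build()
    {
        return new MVCGridBuilder<Shipment>()
            .AddColumns(cols =>
            {
                // Encoding is off for the cell so the template's markup stays raw;
                // the untrusted part is encoded before it reaches the template.
                cols.Add("note").WithHtmlEncoding(false)
                    .WithValueExpression(i => GridCellEncoding.ForTemplate(i.Notice))
                    .WithValueTemplate(
                        "{Value}<button class='btn btn-primary btn-block' " +
                        "data-target='#note-modal' data-record-id='{Model.ShipmentID}' " +
                        "data-note='{Value}' data-toggle='modal'>" +
                        "<span class='glyphicon glyphicon-pencil'></span></button>")
                    // Sorting and filtering are applied by the data-retrieval
                    // callback to the column, not to the encoded string
                    // (assumption about MVCGrid's behaviour).
                    .WithSorting(true)
                    .WithFiltering(true);
            });
    }
}

// Constructed sample note to try against the helper; the quote and the angle
// brackets are the characters that would otherwise break the attribute or tag.
public static class SampleInput
{
    public const string Note = "Fragile' <handle with care>";
}
```

The modal's JavaScript reads data-note as an attribute value, so the browser hands it back already decoded; encoding here does not double-encode what the user sees in the modal.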