Validating asp forms
Be aware that when doing this all input values (cookies, query string, form elements) handled by this page will not be validated by ASP. In this tutorial, we will explore how to create a formatted response in Controller Action methods. NET Core provides several APIs collectively called as Action Results to generate the correctly formatted response, which can be consumed by the Clients. This helper class provides a lot of helper methods, which makes the working with Controller easier.
You will need to add this protection manually if any input will be used in HTML output.
This check adds protection from markup or code in the URL query string, cookies, or posted form values that might have been added for malicious purposes.
This exploit is typically referred to as a cross-site scripting (XSS) attack.
Producing the Response directly in the controller classes, as shown above, makes it hard to Unit Test.
To Unit Test of such a controller class, we need to mock the implementations of the Response object.