HTML Injection Warning


For the SilkUI Responsive Sample, there are constant warnings from the x.y Expression saying "Ensure the expression is protected by using EncodeHTML()", as well as an SQL injection warning.

I would like to know how and where I can adopt the Sanitization extension it stated to clear out the security risk?

Solution

Hello

The message appears because you set the Escape Content to No.
Set it to Yes unless you want to inject HTML/JavaScript. Then the message will go away.

In those cases you may need sanitization. Otherwise, no.

Cheers.
