For a practical example of where this HTML encoding escape mechanism is useful, consider scenarios where you use HTML helper methods with ASP.NET MVC. These helper methods typically return HTML. For example: the Html.TextBox() helper method returns markup like <input type="text"/>. With ASP.NET MVC 2 these helper methods now by default return HtmlString types – which indicates that the returned string content is safe for rendering and should not be encoded by <%: %> nuggets.
This allows you to use these methods within both <%=
%> code nugget blocks:
As well as within <%: %> code nugget blocks:
In both cases above the HTML content returned from the
helper method will be rendered to the client as HTML – and the <%: %>
code nugget will avoid double-encoding it.
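The following is an added example (not code from the original post or from ASP.NET MVC itself) that models the behaviour described above: a `<%: %>` nugget encodes ordinary strings but passes through values that implement IHtmlString, so helper output is not double-encoded. The IHtmlString/HtmlString types here are stand-ins for the System.Web ones so the program compiles without a System.Web reference, the `Nugget.TextBox` helper is a hypothetical stand-in for Html.TextBox(), and the untrusted input is a constructed sample.

```csharp
using System;
using System.Net;

// Stand-ins for System.Web.IHtmlString / System.Web.HtmlString (assumption: same contract).
interface IHtmlString
{
    string ToHtmlString();
}

sealed class HtmlString : IHtmlString
{
    private readonly string _markup;
    public HtmlString(string markup) { _markup = markup; }
    public string ToHtmlString() => _markup;
    public override string ToString() => _markup;
}

static class Nugget
{
    // Models <%= %>: the value is written to the response as-is, never encoded.
    public static string Raw(object value) => value?.ToString() ?? "";

    // Models <%: %>: encode unless the value declares itself as already-safe HTML.
    public static string Encoded(object value)
    {
        if (value == null) return "";
        if (value is IHtmlString safe) return safe.ToHtmlString(); // no double-encoding
        return WebUtility.HtmlEncode(value.ToString());
    }

    // Hypothetical helper mirroring Html.TextBox(): the markup is wrapped as HtmlString,
    // and any caller-supplied values are encoded at the point they are placed into attributes.
    public static HtmlString TextBox(string name, string value) =>
        new HtmlString(
            $"<input type=\"text\" name=\"{WebUtility.HtmlEncode(name)}\" " +
            $"value=\"{WebUtility.HtmlEncode(value)}\" />");
}

class Program
{
    static void Main()
    {
        // Constructed sample of attacker-controlled data, e.g. a query-string parameter.
        string untrusted = "<script>alert('x')</script>";

        Console.WriteLine(Nugget.Raw(untrusted));      // script tag reaches the browser intact
        Console.WriteLine(Nugget.Encoded(untrusted));  // &lt;script&gt;alert(&#39;x&#39;)&lt;/script&gt;

        HtmlString box = Nugget.TextBox("q", "a \"quoted\" value");
        Console.WriteLine(Nugget.Encoded(box));                // markup passes through unchanged
        Console.WriteLine(Nugget.Encoded(box.ToHtmlString())); // same text as a plain string: fully encoded
    }
}
```

The last two lines show why the HtmlString wrapper matters: the same markup rendered through `<%: %>` is left alone when it carries the IHtmlString marker and is encoded into visible text when it arrives as a plain string.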
This enables you to default to always using <%: %>
code nuggets instead of <%= %> code blocks within your
applications. If you want to be really hardcore you can even create a
build rule that searches your application looking for <%= %> usages and
flags any cases it finds as an error to enforce that HTML encoding always takes
place.