Fixing Cross-site Scripting in ASP.NET

The HtmlEncode() method can be used when displaying text directly inside HTML tags (as element content) using a <%= %> block:

<%= Microsoft.Security.Application.AntiXss.HtmlEncode(this.txtName.Text) %>
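
A complete single-file Web Forms page built around the call above, added here as an example and not taken from the original page. The btnShow button, the sample value, and the presence of AntiXssLibrary.dll in the site's Bin folder are assumptions; the attribute-value line goes beyond the text and uses the same library's HtmlAttributeEncode().

```aspx
<%@ Page Language="C#" %>
<%@ Import Namespace="Microsoft.Security.Application" %>
<%-- Assumption: AntiXssLibrary.dll, which provides
     Microsoft.Security.Application.AntiXss, is in the site's Bin folder. --%>
<script runat="server">
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            // Constructed sample value containing HTML metacharacters.
            this.txtName.Text = "O'Neil & \"Sons\"";
        }
    }
</script>
<!DOCTYPE html>
<html>
<head><title>HtmlEncode example</title></head>
<body>
<form id="form1" runat="server">
    <asp:TextBox ID="txtName" runat="server" />
    <asp:Button ID="btnShow" runat="server" Text="Show" />

    <%-- Unencoded form, kept as a comment for contrast: the browser
         would parse any markup contained in the value.
         <p>Hello, <%= this.txtName.Text %></p> --%>

    <%-- Element content: the context the text above describes. --%>
    <p>Hello, <%= AntiXss.HtmlEncode(this.txtName.Text) %></p>

    <%-- Attribute value (goes beyond the text): the library has a
         separate encoder for this context; keep the attribute quoted. --%>
    <input type="text" readonly="readonly"
           value="<%= AntiXss.HtmlAttributeEncode(this.txtName.Text) %>" />
</form>
</body>
</html>
```

Viewing the page source after loading it shows the metacharacters in the sample value emitted as character entities in both places, so the browser renders them as text.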