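HTML encoding is the process of replacing ASCII characters with their 'HTML Entity' equivalents.
HTML encoding table: http://www.ascii.cl/htmlcodes.htm
To avoid cross-site scripting attacks, ASP.NET MVC views HTML-encode their output by default. Output is written without that encoding in three cases: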
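1. IHtmlString
A helper that returns IHtmlString (here an MvcHtmlString) is written to the page as-is:

    using System.Web;
    using System.Web.Mvc;
    // Extension methods must live in a static class; the class name here is arbitrary.
    public static class ImageHelper
    {
        // TagBuilder attribute-encodes src and alt when the tag is rendered.
        public static IHtmlString Image(this HtmlHelper helper, string src, string alt)
        {
            TagBuilder tb = new TagBuilder("img");
            tb.Attributes.Add("src", VirtualPathUtility.ToAbsolute(src));
            tb.Attributes.Add("alt", alt);
            return new MvcHtmlString(tb.ToString(TagRenderMode.SelfClosing));
        }
    }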
2. Html.Raw()

    @Html.Raw(Html.Image(Model.Photo, Model.AlternateText))

3. <%= %>
In the ASPX view engine, <%= %> writes output without encoding, because the default there is <%: %>.
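
Because a helper that returns IHtmlString is trusted by the view engine, the helper itself has to encode any untrusted value it places in the markup. The pair below is an added example, not code from the original page: FigureHelpers, FigureUnsafe and FigureSafe are hypothetical names, and it assumes an ASP.NET MVC project that references System.Web.Mvc.

```csharp
using System.Web;
using System.Web.Mvc;

// Added example; FigureHelpers, FigureUnsafe and FigureSafe are hypothetical names.
public static class FigureHelpers
{
    // Unsafe: the caption is concatenated into the markup unchanged. The return
    // type is IHtmlString, so the view writes it without encoding, and a caption
    // such as "<script>alert(1)</script>" (constructed sample) arrives as markup.
    public static IHtmlString FigureUnsafe(this HtmlHelper helper, string src, string caption)
    {
        string img = "<img src=\"" + VirtualPathUtility.ToAbsolute(src) + "\" />";
        return new MvcHtmlString(
            "<figure>" + img + "<figcaption>" + caption + "</figcaption></figure>");
    }

    // Hardened: each untrusted value is encoded for the context it lands in
    // before the helper marks the result as ready-to-render HTML.
    public static IHtmlString FigureSafe(this HtmlHelper helper, string src, string caption)
    {
        TagBuilder img = new TagBuilder("img");
        // Attribute values are attribute-encoded when the tag is rendered.
        img.MergeAttribute("src", VirtualPathUtility.ToAbsolute(src));
        img.MergeAttribute("alt", caption);

        TagBuilder cap = new TagBuilder("figcaption");
        // SetInnerText HTML-encodes its argument; assigning InnerHtml would not.
        cap.SetInnerText(caption);

        TagBuilder figure = new TagBuilder("figure");
        // InnerHtml is appropriate here: both parts were already encoded above.
        figure.InnerHtml = img.ToString(TagRenderMode.SelfClosing) + cap.ToString();
        return new MvcHtmlString(figure.ToString());
    }
}

// View usage (Razor), with the model properties used on this page:
//   @Html.FigureSafe(Model.Photo, Model.AlternateText)
```

With FigureSafe the constructed caption is rendered as the visible text `<script>alert(1)</script>`, sent to the browser as `&lt;script&gt;alert(1)&lt;/script&gt;`.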