How to Prevent Cross Site Scripting Attacks in ASP.NET MVC 4

A Cross Site Scripting (XSS) attack occurs when malicious markup and script enter a web page, are stored in the system, and are then rendered in a web page. Depending on the script injected, it can cause damage to a website ranging from annoying popups to stealing credentials. It is vital for ASP.NET MVC developers to prevent this kind of attack.


Most Cross Site Scripting attacks can be prevented if you encode the user input properly. You need to make sure that it is encoded properly at two distinct places as far as ASP.NET MVC is concerned.
