272 Microsoft Visual Studio 2010: A Beginner’s Guide
            <td>
                <%= Html.Encode(item.CustomerID) %>
            </td>
            <td>
                <%= Html.Encode(item.Name) %>
            </td>
            <td>
                <%= Html.Encode(item.Age) %>
            </td>
            <td>
                <%= Html.Encode(String.Format("{0:g}", item.Birthday)) %>
            </td>
            <td>
                <%= Html.Encode(String.Format("{0:F}", item.Income)) %>
            </td>
        </tr>
    <% } %>
    </table>
    <p>
        <%= Html.ActionLink("Create New", "Create") %>
    </p>
</asp:Content>
Listing 9-8 organizes the list of Customers in a table. The tr tags are rows, th are
header cells, and td are content cells. After specifying the header row, the foreach loop
iterates over the Model to render each content row. If you recall from Listing 9-7, the
Index action method called View with a List<Customer> (List(Of Customer) in VB).
When creating the View, we specified the object type as Customer, which means that
Model in the foreach statement refers to a List<Customer> and item holds a
Customer object.
For each cell being rendered, item is the current Customer and the cell displays the one
property of Customer that belongs in that column. What is particularly important about
displaying the data is that each cell passes its value through the Html.Encode helper method
instead of writing it out directly. This is a security best practice: encoding ensures that
displayed data is treated as text rather than as HTML markup, so it cannot run JavaScript
that you didn't intend. An attacker could enter JavaScript during data entry, and when you
later display that field, the browser would try to run the JavaScript code, which
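To make the difference concrete, the following console program is an added example (it is not code from the book or from the ASP.NET MVC framework). It renders one Customer row twice, once writing each value out raw as `<%= item.Name %>` would, and once through HTML encoding as `<%= Html.Encode(item.Name) %>` does. The Customer class and the hostile sample value are constructed here for illustration; `System.Net.WebUtility.HtmlEncode` applies the same encoding of `<`, `>`, `&`, `"` and `'` that Html.Encode delegates to.

```csharp
// Added example, not from the book: shows why every cell in Listing 9-8
// is wrapped in Html.Encode. The Customer type and sample data below are
// constructed for this demonstration.
using System;
using System.Net;
using System.Text;

public class Customer
{
    public int CustomerID { get; set; }
    public string Name { get; set; }
    public int Age { get; set; }
    public DateTime Birthday { get; set; }
    public decimal Income { get; set; }
}

public static class RowRenderer
{
    // Mirrors the five <td> cells of Listing 9-8. When 'encode' is false the
    // value is emitted as-is (what <%= value %> does); when true it is
    // HTML-encoded first (what <%= Html.Encode(value) %> does).
    public static string RenderRow(Customer item, bool encode)
    {
        Func<string, string> cell = value =>
            "<td>" + (encode ? WebUtility.HtmlEncode(value) : value) + "</td>";

        var sb = new StringBuilder("<tr>");
        sb.Append(cell(item.CustomerID.ToString()));
        sb.Append(cell(item.Name));
        sb.Append(cell(item.Age.ToString()));
        sb.Append(cell(String.Format("{0:g}", item.Birthday)));
        sb.Append(cell(String.Format("{0:F}", item.Income)));
        sb.Append("</tr>");
        return sb.ToString();
    }

    public static void Main()
    {
        // Constructed hostile input: a "name" typed into the Create form that
        // is really a script element.
        var attacker = new Customer
        {
            CustomerID = 7,
            Name = "<script>alert(document.cookie)</script>",
            Age = 30,
            Birthday = new DateTime(1980, 5, 17),
            Income = 52000.5m
        };

        Console.WriteLine("Raw, as <%= item.Name %> would render it:");
        Console.WriteLine(RenderRow(attacker, encode: false));
        // The cell now contains a live <script> element; the browser runs it
        // for every user who views the customer list.

        Console.WriteLine();
        Console.WriteLine("Encoded, as <%= Html.Encode(item.Name) %> renders it:");
        Console.WriteLine(RenderRow(attacker, encode: true));
        // The cell contains &lt;script&gt;alert(document.cookie)&lt;/script&gt;,
        // which the browser displays as literal text and never executes.
    }
}
```

Two caveats worth keeping in mind. First, HTML encoding is the right defense only for text placed between tags, as in these table cells; a value inserted into an attribute, a URL or an inline script block needs the encoding appropriate to that context, and Html.Encode alone is not enough there. Second, ASP.NET 4 and MVC 2, which ship with Visual Studio 2010, also offer the `<%: item.Name %>` code nugget, which HTML-encodes automatically; it is equivalent to `<%= Html.Encode(item.Name) %>` but harder to forget.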