Update Rule “do-you-know-how-to-render-html-strings/rule” (#6201)
ncn-ssw authored Aug 1, 2023
1 parent 516f972 commit 0e9143b
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions rules/do-you-know-how-to-render-html-strings/rule.md
Expand Up @@ -8,13 +8,13 @@ authors:
created: 2023-07-28T07:23:06.201Z
guid: 521afe97-18c3-43bc-8ada-f3782960b10f
---
To prevent cross-site scripting (XSS) attacks, HTML encoding is typically applied to restrain the browser from interpreting HTML strings as code. XSS attacks can occur when untrusted data is rendered on the browser without proper sanitization, thus potentially exposing the system to malicious scripts.
[Cross-site scripting (XSS) attacks](https://en.wikipedia.org/wiki/Cross-site_scripting) occur when untrusted data is rendered on the browser without proper sanitization, thus potentially exposing the system to malicious scripts. To prevent XSS attacks, HTML encoding is typically applied to prevent the browser from interpreting HTML strings as code.

However, this approach can sometimes cause confusion when an application requires to output raw HTML content that is already HTML encoded.
However, this approach can cause confusion when an application needs to output content that is already HTML encoded.

<!--endintro-->

To solve this problem, the `IHtmlString` interface in .NET Core can be used to represent an HTML content that is pre-encoded and should not be encoded again.
To solve this problem, the [`IHtmlString`](https://learn.microsoft.com/en-us/dotnet/api/system.web.ihtmlstring) interface in .NET Core can be used to represent HTML content that is pre-encoded and should not be encoded again.
This is to prevent double encoding, which can distort the original HTML content and cause it to display incorrectly on a web page.

```cs
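Review bot: the link added on the `IHtmlString` line points to `System.Web.IHtmlString`, which is the .NET Framework (System.Web) type, while the sentence still says ".NET Core" and the figure caption in the next hunk refers to `IHtmlContent`; in ASP.NET Core the pre-encoded-markup abstraction is `IHtmlContent` (with `HtmlString` as its concrete implementation) in `Microsoft.AspNetCore.Html`, so either name and link `IHtmlContent` here to match the code sample, or change the platform wording to match the System.Web type. Minor: the rewritten first paragraph now reads "To prevent XSS attacks, HTML encoding is typically applied to prevent the browser ..."; "applied so that the browser does not interpret HTML strings as code" avoids the doubled "prevent".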
Expand All @@ -36,7 +36,7 @@ Figure: Good example - HTML tags using IHtmlContent have been treated as safe HT
:::

::: info
You should only use IHtmlString when you are sure that the string doesn't contain any potentially harmful script tags. When dealing with user-provided content or content from an untrusted source, always ensure to sanitize or validate the HTML before rendering it.
You should only use IHtmlString when you are sure that the string doesn't contain any potentially harmful script tags. When dealing with user-provided content or content from an untrusted source, always sanitize or validate the HTML before rendering it.
:::
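Review bot: the condition on the info line is scoped too narrowly: "doesn't contain any potentially harmful script tags" reads as if `<script>` were the only concern, but marking a string as pre-encoded also bypasses encoding of event-handler attributes and script-bearing URLs, so "potentially harmful markup" would state the actual risk; the second sentence (sanitize or validate untrusted HTML first) is the right remedy and could say so explicitly. Also, `IHtmlString` is in backticks in the body paragraph above but bare here, and, as in the previous hunk, the name does not match the `IHtmlContent` used in the figure caption.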


0 comments on commit 0e9143b