Suppose this is a blog entry, or forum question or something like that. If we allow anonymous users to submit arbitrary text, all sorts of bad stuff happens. One user can try to attack the other via our site, for example!

Luckily, Razor is safe by default. Taking potentially unsafe input and directly writing it to the page via @commentText will not hurt you. Try adding <script> alert('hacked you!');</script> as the input. Without special HTML encoding, that would run and possibly be trouble. But @ protects you from it and shows the raw HTML here.

Comment text:
Post / update a comment:

Comment Text