对用户输入进行HTML编码
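/// <summary>
/// Returns <paramref name="genre"/> with HTML-significant characters replaced by
/// entities, so markup supplied by the caller is rendered as text instead of
/// being interpreted by the browser.
/// </summary>
/// <param name="genre">Caller-supplied value; treated as untrusted input.</param>
/// <returns>The HTML-encoded form of <paramref name="genre"/>.</returns>
/// <remarks>
/// HtmlEncode is the correct encoder only when the result is placed in HTML
/// element content. A value written into a script block or a URL needs the
/// encoder for that context (for example HttpUtility.JavaScriptStringEncode or
/// HttpUtility.UrlEncode).
/// NOTE(review): presumably the returned string is written directly to the
/// response body - confirm against the caller.
/// </remarks>
public string Browse(string genre)
{
    // Fixed the misspelled keyword ("returen"), which prevented compilation.
    return HttpUtility.HtmlEncode(genre);
}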
HttpUtility.HtmlEncode会把 <、>、&、引号等字符转换为HTML实体，因此输入中的 <script> 标签只会作为文本显示，其中的JavaScript代码不会被浏览器执行。
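/// <summary>
/// Encodes the untrusted <paramref name="genre"/> value for safe inclusion in
/// HTML element content and returns the encoded string.
/// </summary>
/// <param name="genre">Caller-supplied value that may contain markup or script.</param>
/// <returns>
/// <paramref name="genre"/> with characters such as &lt;, &gt;, &amp; and quotes
/// replaced by HTML entities.
/// </returns>
/// <remarks>
/// Encoding happens at output time and is specific to the HTML body context;
/// other output contexts (script, URL) require their own encoder.
/// </remarks>
public string Browse(string genre)
{
    // "returen" in the original was a typo for the return keyword.
    string encodedGenre = HttpUtility.HtmlEncode(genre);
    return encodedGenre;
}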
HttpUtility.HtmlEncode能阻止输入中的JavaScript代码被执行，但仅适用于输出到HTML正文的场景；输出到脚本或URL时需使用相应的编码方式。