leastprivilege.com
Eval is not Evil
While working through the ASP.NET security reference implementation (which is good work btw), the following guideline caught my attention: “Additionally, all calls to DataBinder.Eval() have b…