Block code with a single Response.Write()
ID: cs/asp/response-write
Kind: problem
Severity: recommendation
Precision: high
Tags:
- maintainability
- frameworks/asp.net
Query suites:
- csharp-security-and-quality.qls
An inline code block containing a single Response.Write() can be written more clearly using an inline expression.
ASP.NET provides general-purpose inline code, using the syntax “<%...%>”. The inline code can emit content into the resulting HTML page by calling Response.Write().
In many cases, the inline code is only one line long, and does nothing more than issue a single call to Response.Write(). For such cases, the call to Response.Write() can be longer than the code to compute what will be embedded. This makes it harder to understand the intent of the code.
ASP.NET also provides inline expressions, using the syntax “<%=...%>”. An inline expression does not need to call Response.Write(). The equals sign (=) is a concise way to tell ASP.NET to call Response.Write().
This example shows a page where an inline code block writes content using Response.Write().
<%@ Page Language="C#" %>
<html>
<body>
    <p>2 + 3 = <%Response.Write(2 + 3);%></p>
</body>
</html>
In the following example, the code block is replaced with an inline expression, and is thus more concise and direct.
<%@ Page Language="C#" %>
<html>
<body>
    <p>2 + 3 = <%=2 + 3%></p>
</body>
</html>
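The pattern described above can be approximated with plain text matching when a quick sweep over .aspx files is needed. The script below is an added example, not the CodeQL query or any code from the CodeQL repository: it finds code blocks whose whole body is one Response.Write(...) call and proposes the inline-expression form. The function names and the sample page are constructed here, and C# verbatim strings (@"...") are assumed not to occur inside the call.

```python
import re

# Code render blocks: "<%" not followed by a directive, expression, binding or
# comment marker (@ = : # $ --), up to the first "%>".
BLOCK = re.compile(r"<%(?![@=:#$]|--)(.*?)%>", re.DOTALL)
CALL = re.compile(r"\s*Response\s*\.\s*Write\s*\(")

def single_write_argument(body):
    """Return the argument if body is exactly one Response.Write(...) call, else None."""
    m = CALL.match(body)
    if not m:
        return None
    depth, quote, i = 1, None, m.end()
    while i < len(body):
        ch = body[i]
        if quote:                  # inside a string or char literal
            if ch == "\\":
                i += 1             # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                break
        i += 1
    # Unbalanced call, or further statements after it: not a single-call block.
    if depth != 0 or body[i + 1:].strip() not in ("", ";"):
        return None
    return body[m.end():i].strip() or None

def find_single_writes(aspx):
    """Return (line, original block, suggested inline expression) per finding."""
    findings = []
    for m in BLOCK.finditer(aspx):
        arg = single_write_argument(m.group(1))
        if arg is not None:
            line = aspx.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(0), "<%= " + arg + " %>"))
    return findings

# Constructed sample page; Format() is a hypothetical helper.
SAMPLE = """<%@ Page Language="C#" %>
<p>2 + 3 = <%Response.Write(2 + 3);%></p>
<p><% Response.Write(Format("a)", 1)); %></p>
<% Response.Write("x"); Response.Write("y"); %>
<% for (int i = 0; i < 3; i++) { %><li><%= i %></li><% } %>
"""
```

Neither Response.Write() nor <%= ... %> HTML-encodes the value it emits; where the expression carries request data, <%: ... %> (ASP.NET 4 and later) is the form that encodes it.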