protected void Page_Load(object sender, EventArgs e)
{
var searchTerm = Request.Unvalidated.QueryString["q"];
if (!Regex.IsMatch(searchTerm, @"^[\p{L} \.\-]+$"))
{
throw new ApplicationException("Search term is not allowed");
}
SearchTerm.Text = AntiXssEncoder.HtmlEncode(searchTerm, true);
var products = new Product().GetSampleProductList();
SearchGrid.DataSource = products.Where(p => p.Name.IndexOf(searchTerm, StringComparison.OrdinalIgnoreCase) >= 0);
SearchGrid.DataBind();
}
