public IActionResult AddWord(string word, string meaning) { //Use HtmlEncode to eliminate the risk of script injection var safeWord = WebUtility.HtmlEncode(word); var safeMeaning = WebUtility.HtmlEncode(meaning); _words.AddWord(safeWord, safeMeaning); return(RedirectToAction("Index")); }