
Alternative of Html.Raw in ASP.NET WebForms

I was getting the error "A potential dangerous request" ... in a Web Forms application. I have tried "validatepage=false" and "", then I tried Server.HtmlEncode, so it is saving encoded HTML in the database. Now when I show the data in a Repeater control with Server.HtmlDecode(DataContent.FieldValue("Contents", Container)), it shows the text with HTML tags, like <p>asfd</p>.

How can I resolve this issue? In a Razor view Html.Raw works fine, but what is the alternative in a Web Forms view / ASP.NET? Can anybody help?

Imran Rashid, asked May 30 '12 15:05



2 Answers

You can use <%= value %>, which will not encode the value.

Or you can implement your own version of Html.Raw.

Html.Raw returns an IHtmlString instance, which is almost the same as a string, but ASP.NET doesn't encode IHtmlString.

A simple function to replicate Html.Raw():

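    // Requires: using System.Web; (IHtmlString and HtmlString live there)

    /// <summary>
    /// Stops ASP.NET from encoding the source HTML string.
    /// </summary>
    /// <param name="source">The HTML markup to emit as-is.</param>
    /// <returns>The markup wrapped in an IHtmlString.</returns>
    public static IHtmlString HTMLRaw(string source)
    {
        // Wrapping in HtmlString marks the value as already-encoded markup.
        return new HtmlString(source);
    }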
Menol, answered Sep 25 '22 07:09


You can use asp:Literal with Mode=PassThrough

rt2800, answered Sep 24 '22 07:09
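Both answers write the stored markup to the page without encoding, so whatever was saved in the Contents field is rendered as live HTML. The following is an added example, not code from either answer: it decodes the stored value, runs it through an allowlist sanitizer, and only then emits it through a PassThrough Literal. It assumes the third-party HtmlSanitizer NuGet package (namespace Ganss.Xss); the names SafeHtml, ContentList, rptContents and litContents are hypothetical.

```csharp
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using Ganss.Xss; // assumption: HtmlSanitizer NuGet package (Ganss.XSS in older versions)

public static class SafeHtml
{
    // Built once; only the sanitizer's read-only Sanitize() is called afterwards.
    private static readonly HtmlSanitizer Sanitizer = Build();

    private static HtmlSanitizer Build()
    {
        var s = new HtmlSanitizer();
        // Replace the library defaults with a small allowlist for rich text.
        s.AllowedTags.Clear();
        foreach (var tag in new[] { "p", "br", "b", "i", "em", "strong", "ul", "ol", "li", "a" })
            s.AllowedTags.Add(tag);
        s.AllowedAttributes.Clear();
        s.AllowedAttributes.Add("href");   // no style, no on* event handlers
        s.AllowedSchemes.Clear();
        s.AllowedSchemes.Add("http");      // drops javascript: and data: URLs
        s.AllowedSchemes.Add("https");
        return s;
    }

    // storedHtml is the Server.HtmlEncode'd value saved in the database.
    public static IHtmlString Raw(string storedHtml)
    {
        string decoded = HttpUtility.HtmlDecode(storedHtml ?? string.Empty);
        return new HtmlString(Sanitizer.Sanitize(decoded));
    }
}

// Code-behind of the page hosting the Repeater (hypothetical page and control ids).
// Markup inside the ItemTemplate:
//   <asp:Literal ID="litContents" runat="server" Mode="PassThrough" />
public partial class ContentList : Page
{
    protected void rptContents_ItemDataBound(object sender, RepeaterItemEventArgs e)
    {
        if (e.Item.ItemType != ListItemType.Item &&
            e.Item.ItemType != ListItemType.AlternatingItem) return;

        var lit = (Literal)e.Item.FindControl("litContents");
        var stored = DataBinder.Eval(e.Item.DataItem, "Contents") as string;
        lit.Text = SafeHtml.Raw(stored).ToHtmlString(); // sanitized, then written unencoded
    }
}
```

With this in place, a stored value such as `<p>asfd</p>` renders as a paragraph, while script elements and event-handler attributes in the same field are removed before output.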