I store encoded HTML in the database.
The only way I could display it correctly is:
<div class='content'>
@MvcHtmlString.Create(HttpUtility.HtmlDecode(Model.Content));
</div>
It's ugly. Is there any better way to do this?
You add code to a page using the @ character. When you display content in a page using the @ character, as in the preceding examples, ASP.NET HTML-encodes the output.
Razor is a markup syntax for embedding .NET-based code into webpages. The Razor syntax consists of Razor markup, C#, and HTML. Files containing Razor generally have a .cshtml file extension.
Html.Raw can result in an XSS vulnerability being exploitable since an attacker can craft a special URL containing a malicious JavaScript payload that will be executed by the victim's browser if he or she sends an invalid 2FA confirmation code.
Using Html.Raw allows you to output text containing HTML elements to the client and have them still be rendered as such. It should be used with caution, as it exposes you to cross-site scripting vulnerabilities.
Try this:
<div class='content'>
@Html.Raw(HttpUtility.HtmlDecode(Model.Content))
</div>
Use Html.Raw(). Phil Haack posted a nice syntax guide at http://haacked.com/archive/2011/01/06/razor-syntax-quick-reference.aspx.
<div class='content'>
@Html.Raw( Model.Content )
</div>
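Both answers write the stored markup to the page unescaped, so whatever is in Model.Content reaches the browser as live HTML. The following is an added example, not code from the original posts: a view helper that decodes the stored value and sanitizes it against an allowlist before returning it as raw markup. It assumes the third-party HtmlSanitizer NuGet package (namespace Ganss.Xss); the names StoredHtmlExtensions and StoredHtml are hypothetical.

```csharp
using System.Web;
using System.Web.Mvc;
using Ganss.Xss; // assumption: HtmlSanitizer NuGet package (older releases use Ganss.XSS)

public static class StoredHtmlExtensions
{
    // Configured once and never modified afterwards.
    private static readonly HtmlSanitizer Sanitizer = CreateSanitizer();

    private static HtmlSanitizer CreateSanitizer()
    {
        var sanitizer = new HtmlSanitizer();

        // Replace the library defaults with a small explicit allowlist
        // (the tag list is an illustrative choice; adjust to your content).
        sanitizer.AllowedTags.Clear();
        foreach (var tag in new[] { "p", "br", "b", "i", "em", "strong", "ul", "ol", "li", "a" })
            sanitizer.AllowedTags.Add(tag);

        // Only href survives, so event handlers such as onclick are dropped.
        sanitizer.AllowedAttributes.Clear();
        sanitizer.AllowedAttributes.Add("href");

        // Only http(s) links, which rejects javascript: and data: URLs.
        sanitizer.AllowedSchemes.Clear();
        sanitizer.AllowedSchemes.Add("http");
        sanitizer.AllowedSchemes.Add("https");

        return sanitizer;
    }

    // Usage in a view:  @Html.StoredHtml(Model.Content)
    public static IHtmlString StoredHtml(this HtmlHelper html, string encodedContent)
    {
        if (string.IsNullOrEmpty(encodedContent))
            return MvcHtmlString.Empty;

        // The database holds entity-encoded markup, so decode first:
        // sanitizing the encoded form would see only harmless text.
        string decoded = HttpUtility.HtmlDecode(encodedContent);

        // Strip everything outside the allowlist, then hand Razor a value
        // it will not encode again.
        string clean = Sanitizer.Sanitize(decoded);
        return new MvcHtmlString(clean);
    }
}
```

The order matters: decoding after sanitizing would turn encoded script tags back into markup that the sanitizer never inspected.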