I am trying to generate emails with HTML content. This content has already gone through sanitation so I am not worried in that regard, however when I call:
Razor.Parse(template, model);
on the following Razor template:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body>
@(new System.Web.HtmlString(Model.EmailContent))
</body>
</html>
the email that is outputted is HTML encoded, but I need it decoded. How can I accomplish this?
The Html.Raw Helper Method is used to display HTML in Raw format i.e. without encoding in ASP.Net MVC Razor. In this article I will explain with an example, how to use Html.
You add code to a page using the @ character. When you display content in a page using the @ character, as in the preceding examples, ASP.NET HTML-encodes the output.
Raw can result in an XSS vulnerability being exploitable since an attacker can craft a special URL containing a malicious JavaScript payload that will be executed by the victim's browser if he or she sends an invalid 2FA confirmation code.
Raw allows you to output text containing HTML elements to the client, and have them still be rendered as such. Should be used with caution, as it exposes you to cross-site scripting vulnerabilities.
RazorEngine, like MVC's Razor View Engine, will automatically encode values written to the template. To get around this, we've introduced an interface called IEncodedString, with the default implementations being HtmlEncodedString and RawString.
To use the latter, simply make a call to the inbuilt Raw method of TemplateBase:
@Raw(Model.EmailContent)
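The encoding behaviour described in this answer, as an added example that is not part of the original answer or of RazorEngine's own code. It assumes the RazorEngine 3.x static Razor.Parse API used in the question; EmailModel, RecipientName and the sample values are hypothetical.

```csharp
using System;
using RazorEngine;
using RazorEngine.Text;

// Hypothetical model for this example.
public class EmailModel
{
    public string RecipientName { get; set; }  // untrusted display text
    public string EmailContent { get; set; }   // HTML already sanitized upstream
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample values.
        var model = new EmailModel
        {
            RecipientName = "Alice <alice@example.com>",
            EmailContent = "<p>Your order has <b>shipped</b>.</p>"
        };

        // The two default IEncodedString implementations, used directly:
        // HtmlEncodedString escapes markup, RawString passes it through.
        IEncodedString encoded = new HtmlEncodedString(model.RecipientName);
        IEncodedString raw = new RawString(model.EmailContent);
        Console.WriteLine(encoded.ToEncodedString());
        Console.WriteLine(raw.ToEncodedString());

        // In a template, a plain @ expression is encoded; only the
        // sanitized body is written through Raw.
        const string template = @"<html>
<body>
<p>Hello @Model.RecipientName,</p>
@Raw(Model.EmailContent)
</body>
</html>";

        string html = Razor.Parse(template, model);
        Console.WriteLine(html);
    }
}
```

Keeping Raw limited to the one field that has been sanitized leaves every other value in the template covered by the default encoding.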
FYI I have a fork that includes the @Html.Raw(...) syntax here:
https://github.com/Antaris/RazorEngine/pull/105