Menu
I have html being printed out in a method. Here is the code:
@Html.Raw(Html.GenerateTabs()) //works -- but is inconvinent
Is really did not want to do every method like this. Here is the way i wanted to do it. But it does not work. When when I run the code html prints in the browser.
@Html.GenerateTabs() //prints html in the broswer
<text>@Html.GenerateTabs()</text> //prints html in the broswer
Is there a razor friendly way to do this?
621
Raw can result in a XSS vulnerability being exploitable since an attacker can craft a special URL containing a malicious JavaScript payload that will be executed by the victim's browser if he or she sends an invalid 2FA confirmation code.
You add code to a page using the @ character When you display content in a page using the @ character, as in the preceding examples, ASP.NET HTML-encodes the output.
Creates an HTML-encoded string using the specified text value. IsNullOrEmpty(MvcHtmlString) Determines whether the specified string contains content or is either null or empty.
If your code outputs an MvcHtmlString instead of string, it will output properly with the HTML contained therein.
You construct the MvcHtmlString with a static factory method it has, from the string with HTML.
public MvcHtmlString OutputHtml() {
return MvcHtmlString.Create("<div>My div</div>");
}
then in view:
@OutputHtml()
Razor encodes by default. So far I have not found at view level or application level of turning it off.
Maybe make an extension?
public static MvcHtmlString RawHtml(this string original)
{
return MvcHtmlString.Create(original);
}
...
@Html.GenerateTabs().RawHtml();
Simply make your GenerateTabs return an MvcHtmlString.
Its similar to the other post here, but why go through another method to output raw html rather than just specify Html.Raw. IE I'm not advocating another method as was done below, but simply ensure your GenerateTabs returns the MvcHtmlString.
22
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
