
What is the alternate of [AllowHtml] in ASP.Net Core 2.0 [duplicate]

I want to integrate CKEditor in my MVC Core 2.0 application. In the previous version I used it by adding the [AllowHTML] data annotation to my string property, but in ASP.Net Core I could not find the right way to insert HTML into a string input.

My code in ASP.Net MVC 5:

     [AllowHtml]
     [DataType(DataType.MultilineText)]
     public string Profile { get; set; }

But in ASP.Net Core 2.0 [AllowHtml] is not working. I searched on Google but could not find the right solution except this link: https://docs.microsoft.com/en-us/aspnet/core/security/cross-site-scripting

     [DataType(DataType.MultilineText)]
     public string Profile { get; set; }

I am really stuck with this issue and need help from .Net experts. Thanks.

Shafi Shaikh asked Jan 30 '18 05:01



1 Answer

Using Asp.Net Core Razor you can output raw HTML into the page via the following:

     @Html.Raw(theString)

I feel obligated to point out that you need to ensure that theString contains safe HTML to output such that it isn't an open door for XSS attacks.

RonC answered Sep 19 '22 14:09
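
One way to make `theString` safe before it reaches `@Html.Raw`, as an added example that is not part of the original answer: an allowlist sanitizer applied when the CKEditor form is posted. It assumes the third-party HtmlSanitizer NuGet package (namespace `Ganss.Xss`; older versions use `Ganss.XSS`); `ProfileViewModel`, `ProfileController` and the `Details` view are hypothetical names, and the tag list is an assumption about what the editor is configured to emit.

```csharp
using System.ComponentModel.DataAnnotations;
using Ganss.Xss;                      // assumption: HtmlSanitizer NuGet package
using Microsoft.AspNetCore.Mvc;

public class ProfileViewModel          // hypothetical model around the question's property
{
    [DataType(DataType.MultilineText)]
    public string Profile { get; set; }
}

public class ProfileController : Controller   // hypothetical controller
{
    // Allowlist: anything not named here is stripped from the submitted markup.
    private static readonly HtmlSanitizer Sanitizer = BuildSanitizer();

    private static HtmlSanitizer BuildSanitizer()
    {
        var s = new HtmlSanitizer();

        s.AllowedTags.Clear();
        foreach (var tag in new[] { "p", "br", "strong", "em", "u",
                                    "ul", "ol", "li", "a", "h2", "h3", "blockquote" })
            s.AllowedTags.Add(tag);

        // Only href survives, so event handlers (onclick, onerror) and style are dropped.
        s.AllowedAttributes.Clear();
        s.AllowedAttributes.Add("href");

        // Links may only use these schemes; javascript: and data: URLs are removed.
        s.AllowedSchemes.Clear();
        s.AllowedSchemes.Add("https");
        s.AllowedSchemes.Add("mailto");
        return s;
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public IActionResult Edit(ProfileViewModel model)
    {
        if (!ModelState.IsValid) return View(model);

        // Sanitize before storing, so every later Html.Raw call sees cleaned markup.
        model.Profile = Sanitizer.Sanitize(model.Profile ?? string.Empty);
        // Persisting model.Profile is outside the scope of this example.
        return View("Details", model);
    }
}
// Details.cshtml then renders only the sanitized value:
//     @Html.Raw(Model.Profile)
```

If the stored column can also be written by code paths that skip this action, run the same sanitizer again just before the value is handed to `Html.Raw`.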