
Writing/outputting HTML strings unescaped

I've got safe/sanitized HTML saved in a DB table.

How can I have this HTML content written out in a Razor view?

It always escapes characters like < and ampersands to &amp;.

To save people the long history of discussion below - @Html.Raw()
To save people like me trying to do this with anonymous types in dynamically typed views, where this won't work - see this answer to my more-specific question. Although using this approach with a strongly-typed view is still better if your situation allows.

Alexei Levenkov

Supposing your content is inside a string named mystring...

You can use:

@Html.Raw(mystring)

Alternatively you can convert your string to HtmlString or any other type that implements IHtmlString in model or directly inline and use regular @:

@{ var myHtmlString = new HtmlString(mystring);}
@myHtmlString

Thanks for this answer. Helped me finish a little task I was learning. :) However I'm using the latest version of MVC3 and so far no Html.Raw :(
Hi Sergio. I'm using MVC 3 and I'm using the Raw method properly.
Thank you for the answer! I'm still learning MVC 3 and this was eluding me.
@Lorenzo, +1 I'm using the latest MVC 3 with razor syntax and Html.Raw is definitely available to me.
Lorenzo, I've updated answer to remove mentioning of MVC Beta as it was some years ago. Feel free to revert/change.
Tom Chantler

In ASP.NET MVC 3 you should do something like this:

// Say you have a bit of HTML like this in your controller:
ViewBag.Stuff = "<li>Menu</li>";
//  Then you can do this in your view:
@MvcHtmlString.Create(ViewBag.Stuff)

I prefer this method because HTML.Raw blows up if the passed string is null.
Thanks, this is very clean!
Andrus

You can use

@{ WriteLiteral("html string"); }

This was awesome for me, was using Razor within a Hangfire app to send emails... Html.Raw() doesn't work there
+1 for WriteLiteral
Travis J

Sometimes it can be tricky to use raw html. Mostly because of XSS vulnerability. If that is a concern, but you still want to use raw html, you can encode the scary parts.

@Html.Raw("(<b>" + Html.Encode("<script>console.log('insert')</script>" + "Hello") + "</b>)")

Results in

(<b>&lt;script&gt;console.log('insert')&lt;/script&gt;Hello</b>)
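
The encode-then-wrap pattern from the answer above, generalized into a reusable helper. This is an added example, not part of the original answer: `SafeHtml` and `Format` are hypothetical names, and it assumes classic ASP.NET MVC on System.Web.

```csharp
using System;
using System.Linq;
using System.Web;

// Hypothetical helper, not part of ASP.NET MVC.
// The template is developer-written markup; every value is treated as untrusted.
public static class SafeHtml
{
    // trustedTemplate: literal markup with {0}, {1}, ... placeholders.
    //   Never build it from user input. Literal braces must be doubled ({{ }})
    //   because string.Format is used for substitution.
    // values: untrusted data. Each one is HTML-encoded unless it is already an
    //   IHtmlString, which the caller has explicitly marked as markup.
    public static IHtmlString Format(string trustedTemplate, params object[] values)
    {
        // Null template renders as nothing instead of throwing in the view.
        if (trustedTemplate == null)
            return new HtmlString(string.Empty);

        // Format(t, null) binds null to the whole array; treat it as one null value.
        object[] encoded = (values ?? new object[] { null })
            .Select(v => (object)Encode(v))
            .ToArray();

        // The result is an IHtmlString, so Razor's @ writes it without re-encoding.
        return new HtmlString(string.Format(trustedTemplate, encoded));
    }

    private static string Encode(object value)
    {
        if (value == null)
            return string.Empty;

        var html = value as IHtmlString;
        if (html != null)
            return html.ToHtmlString();   // already markup: do not double-encode

        // Encodes <, >, &, " and ' for element content and quoted attribute values.
        return HttpUtility.HtmlEncode(value.ToString());
    }
}

// In a view (userInput is a constructed sample variable):
//   @SafeHtml.Format("(<b>{0}</b>)", userInput)
```

The encoding is only correct for HTML element content and quoted attribute values; values placed inside `<script>` blocks, URLs or CSS need context-specific encoding instead.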

Ajay

You can put your string into viewdata in controller like this:

ViewData["string"] = DBstring;

And then call that viewdata in view like this:

@Html.Raw(ViewData["string"].ToString())

Imad Alazani

Apart from using @MvcHtmlString.Create(ViewBag.Stuff) as suggested by Dommer, I suggest you also use the AntiXSS library, as suggested by phill: http://haacked.com/archive/2010/04/06/using-antixss-as-the-default-encoder-for-asp-net.aspx

It encodes almost all the possible XSS attack strings.


ZlobnyiSerg

Complete example for using template functions in RazorEngine (for email generation, for example):

@model SomeModel
@{
    Func<PropertyChangeInfo, object> PropInfo =
        @<tr class="property">
            <td>
                @item.PropertyName                
            </td>
            <td class="value">
                <small class="old">@item.OldValue</small>
                <small class="new">@item.CurrentValue</small>                
            </td>
        </tr>;
}

<body>

@{ WriteLiteral(PropInfo(new PropertyChangeInfo("p1", @Model.Id, 2)).ToString()); }

</body>