Emitting unencoded strings in a Razor view

asp.net razor html-encode

As ScottGu says in his blog post «by default content emitted using a @ block is automatically HTML encoded to better protect against XSS attack scenarios». My question is: how can you output a non-HTML-encoded string?

For the sake of simplicity, pls stick to this simple case:

@{
 var html = "<a href='#'>Click me</a>"
 // I want to emit the previous string as pure HTML code...
}

Solution 1:

This is my favorite approach:

@Html.Raw("<p>my paragraph text</p>")

Source was Phil Haack's Razor syntax reference: http://haacked.com/archive/2011/01/06/razor-syntax-quick-reference.aspx

Solution 2:

You can create a new instance of MvcHtmlString which won't get HTML encoded.

@{
  var html = MvcHtmlString.Create("<a href='#'>Click me</a>")
}

Hopefully there will be an easier way in the future of Razor.

If you're not using MVC, you can try this:

@{
  var html = new HtmlString("<a href='#'>Click me</a>")
}

Solution 3:

new HtmlString is definitely the answer.

We looked into some other razor syntax changes, but ultimately none of them ended up really being any shorter than new HtmlString.

We may, however, wrap that up into a helper. Possibly...

@Html.Literal("<p>something</p>")

or 

@"<p>something</p>".AsHtml()

Related

ipch files on a Visual Studio project
Why does git merge sometimes create a commit, sometimes does not?
Which is best data type for phone number in MySQL and what should Java type mapping for it be?
angular2 rc.5 custom input, No value accessor for form control with unspecified name
What is the LIMIT clause alternative in JPQL?
How to do IF NOT EXISTS in SQLite
How to check if X server is running?
Difference between a script and a program? [closed]
What is the use of <<<EOD in PHP?
How do I iterate and modify Java Sets?
C++ vector's insert & push_back difference
dquote> result of a execution a program in linux shell