Writing/outputting HTML strings unescaped
I've got safe/sanitized HTML saved in a DB table.
How can I have this HTML content written out in a Razor view?
It always escapes characters like < and ampersands to &amp;.
Solution 1:
Supposing your content is inside a string named mystring...
You can use:
@Html.Raw(mystring)
Alternatively you can convert your string to HtmlString or any other type that implements IHtmlString in model or directly inline and use regular @:
@{ var myHtmlString = new HtmlString(mystring);}
@myHtmlString
Solution 2:
In ASP.NET MVC 3 you should do something like this:
// Say you have a bit of HTML like this in your controller:
ViewBag.Stuff = "<li>Menu</li>";
// Then you can do this in your view:
@MvcHtmlString.Create(ViewBag.Stuff)
Solution 3:
You can use
@{ WriteLiteral("html string"); }
Solution 4:
Sometimes it can be tricky to use raw HTML, mostly because of XSS vulnerabilities. If that is a concern, but you still want to use raw HTML, you can encode the scary parts.
@Html.Raw("(<b>" + Html.Encode("<script>console.log('insert')</script>" + "Hello") + "</b>)")
Results in
(<b>&lt;script&gt;console.log('insert')&lt;/script&gt;Hello</b>)
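An added example, not part of any answer above: it generalizes Solution 4's "encode the scary parts" pattern into a helper that returns an IHtmlString, as described in Solution 1, so developer-written markup is emitted as-is while every inserted value is HTML-encoded. The SafeHtml and Demo class names and the sample input are assumptions made for this example; it targets System.Web on .NET Framework 4 or later.

```csharp
using System;
using System.Linq;
using System.Web; // HtmlString, IHtmlString, HttpUtility

// Hypothetical helper (name and shape are assumptions for this example).
public static class SafeHtml
{
    // trustedTemplate: markup written by the developer, with {0}, {1}... holes.
    // args: values of any origin. Each one is HTML-encoded unless it is already
    // an IHtmlString, which marks it as markup that was built safely elsewhere.
    public static IHtmlString Format(string trustedTemplate, params object[] args)
    {
        object[] encoded = args
            .Select(a => a is IHtmlString
                ? (object)((IHtmlString)a).ToHtmlString()
                : HttpUtility.HtmlEncode(Convert.ToString(a)))
            .ToArray();
        return new HtmlString(string.Format(trustedTemplate, encoded));
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample input, same payload as Solution 4.
        string userText = "<script>console.log('insert')</script>Hello";

        // The untrusted value is encoded; the developer's <b> tag is kept.
        IHtmlString item = SafeHtml.Format("<b>{0}</b>", userText);
        Console.WriteLine(item.ToHtmlString());

        // Nesting: the already-built fragment is not encoded a second time.
        IHtmlString list = SafeHtml.Format("<ul><li>{0}</li></ul>", item);
        Console.WriteLine(list.ToHtmlString());
    }
}
```

In a Razor view the returned value can be written with a plain @ expression, since Razor does not re-encode IHtmlString values. HTML encoding covers element content and quoted attribute values only; values placed inside script blocks or URLs need encoding for that context instead.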