Emitting unencoded strings in a Razor view

asp.net, Razor, Html Encode

asp.net Problem Overview


As ScottGu says in his blog post «by default content emitted using a @ block is automatically HTML encoded to better protect against XSS attack scenarios». My question is: how can you output a non-HTML-encoded string?

For the sake of simplicity, please stick to this simple case:

@{
  var html = "<a href='#'>Click me</a>";
  // I want to emit the previous string as pure HTML code...
}

asp.net Solutions


Solution 1 - asp.net

This is my favorite approach:

@Html.Raw("<p>my paragraph text</p>")

Source was Phil Haack's Razor syntax reference: http://haacked.com/archive/2011/01/06/razor-syntax-quick-reference.aspx

Solution 2 - asp.net

You can create a new instance of MvcHtmlString which won't get HTML encoded.

@{
  var html = MvcHtmlString.Create("<a href='#'>Click me</a>");
}

Hopefully there will be an easier way in the future of Razor.

If you're not using MVC, you can try this:

@{
  var html = new HtmlString("<a href='#'>Click me</a>");
}

Solution 3 - asp.net

new HtmlString is definitely the answer.

We looked into some other razor syntax changes, but ultimately none of them ended up really being any shorter than new HtmlString.

We may, however, wrap that up into a helper. Possibly...

@Html.Literal("<p>something</p>")

or

@"<p>something</p>".AsHtml()

Solution 4 - asp.net

I'm using ASP.NET MVC and Razor under Mono.

I couldn't get HtmlHelper from System.Web.WebPages of System.Web.Mvc for some reason.

But I managed to output an unencoded string after declaring the model's property as RazorEngine.Text.RawString. Now it outputs as expected.

Example

@{
    var txt = new RawString("some text with \"quotes\"");
    var txt2 = "some text with \"quotes\"";
}
<div>Here is unencoded text: @txt</div>
<div>Here is encoded text: @txt2</div>

Output:

<div>Here is unencoded text: some text with "quotes"</div>
<div>Here is encoded text: some text with &quot;quotes&quot;</div>

Solution 5 - asp.net

I ran into this problem as well when transitioning our project to the new Razor view engine. The approach I took was slightly different because we had to generate JSON data from C# and wanted to output it upon page load.

What I eventually did was to implement a RawView that was a parallel of View inside of the cshtml files. Essentially, to get a raw string,

@(new HtmlString(View.Foo))

// became
@RawView.Foo

This requires a few changes to the project layout, so I just wrote up a blog post about it here. In short, this required a duplicate implementation of MVC's DynamicViewDataDictionary and a new WebViewPage that contains the RawView. I also went ahead and implemented the index operator on the RawView to allow for

@RawView["Foo"]

In the off-chance that someone needs to loop over the data with a list of keys.

Reading anurse's comment, it probably would have been better off if I had named this as a Literal instead of RawView.
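
An added example, not part of the original answers: Html.Raw, MvcHtmlString and HtmlString in the answers above switch off Razor's encoding for the whole string, so when any part of the markup comes from user or database input, that part has to be encoded before the string is wrapped. The helper below assumes classic System.Web.Mvc; SafeLinkExtensions, SafeLink and IsAllowedUrl are hypothetical names.

```csharp
// Added example (not from the original answers). Assumes classic ASP.NET MVC
// (System.Web.Mvc). SafeLinkExtensions, SafeLink and IsAllowedUrl are
// hypothetical names.
using System;
using System.Web.Mvc;

public static class SafeLinkExtensions
{
    // Builds <a href="...">text</a> and returns it as an MvcHtmlString, so
    // Razor emits the tag unencoded. Only the tag we construct is "raw":
    // the link text and the attribute value are encoded by TagBuilder.
    // Usage in a view: @Html.SafeLink(Model.Url, Model.Title)
    public static MvcHtmlString SafeLink(this HtmlHelper helper, string url, string text)
    {
        var a = new TagBuilder("a");

        // Attribute values are HTML-attribute-encoded when the tag is rendered.
        // Anything that is not an allowed URL falls back to "#".
        a.MergeAttribute("href", IsAllowedUrl(url) ? url : "#");

        // SetInnerText HTML-encodes, so "<script>" in text is emitted as
        // "&lt;script&gt;" instead of becoming markup.
        a.SetInnerText(text ?? string.Empty);

        return MvcHtmlString.Create(a.ToString(TagRenderMode.Normal));
    }

    // Encoding alone does not stop href="javascript:...", so the scheme is
    // checked: site-relative paths and absolute http/https URLs only.
    private static bool IsAllowedUrl(string url)
    {
        if (string.IsNullOrWhiteSpace(url)) return false;

        // "/path" is site-relative; "//host" and "/\host" are not.
        if (url.StartsWith("/", StringComparison.Ordinal)
            && !url.StartsWith("//", StringComparison.Ordinal)
            && !url.StartsWith("/\\", StringComparison.Ordinal))
        {
            return true;
        }

        Uri parsed;
        return Uri.TryCreate(url, UriKind.Absolute, out parsed)
            && (parsed.Scheme == Uri.UriSchemeHttp || parsed.Scheme == Uri.UriSchemeHttps);
    }
}
```

Passing the same untrusted values through @Html.Raw or new HtmlString directly would emit them unencoded, which is the XSS case the default @ encoding quoted in the question exists to prevent.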

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content Type | Original Author | Original Content on Stackoverflow
Question | hemme | View Question on Stackoverflow
Solution 1 - asp.net | miguelv | View Answer on Stackoverflow
Solution 2 - asp.net | aolde | View Answer on Stackoverflow
Solution 3 - asp.net | Erik Porter | View Answer on Stackoverflow
Solution 4 - asp.net | porfirion | View Answer on Stackoverflow
Solution 5 - asp.net | Anh-Kiet Ngo | View Answer on Stackoverflow