Emitting unencoded strings in a Razor view

As ScottGu says in his blog post «by default content emitted using a @ block is automatically HTML encoded to better protect against XSS attack scenarios». My question is: how can you output a non-HTML-encoded string?

For the sake of simplicity, pls stick to this simple case:

@{
var html = "<a href='#'>Click me</a>"
// I want to emit the previous string as pure HTML code...
}
26816 次浏览
小开

You can create a new instance of MvcHtmlString which won't get HTML encoded.

@{
var html = MvcHtmlString.Create("<a href='#'>Click me</a>")
}

Hopefully there will be an easier way in the future of Razor.

If you're not using MVC, you can try this:

@{
var html = new HtmlString("<a href='#'>Click me</a>")
}
小开

new HtmlString is definitely the answer.

We looked into some other razor syntax changes, but ultimately none of them ended up really being any shorter than new HtmlString.

We may, however, wrap that up into a helper. Possibly...

@Html.Literal("<p>something</p>")

or 

@"<p>something</p>".AsHtml()
小开

I ran into this problem as well when transitioning our project to the new Razor view engine. The approach I took was slightly different because we had to generate JSON data from C# and wanted to output it upon page load.

What I eventually did was to implement a RawView that was a parallel of View inside of the cshtml files. Essentially, to get a raw string,

@(new HtmlString(View.Foo))


// became
@RawView.Foo

This requires a few changes to the project layout, so I just wrote up a blog post about it here. In short, this required a duplicate implementation of MVC's DynamicViewDataDictionary and a new WebViewPage that contains the RawView. I also went ahead and implemented the index operator on the RawView to allow for

@RawView["Foo"]

In the off-chance that someone needs to loop over the data with a list of keys.

Reading anurse's comment, it probably would have been better off if I had named this as a Literal instead of RawView.

小开
最佳答案

This is my favorite approach:

@Html.Raw("<p>my paragraph text</p>")

Source was Phil Haack's Razor syntax reference: http://haacked.com/archive/2011/01/06/razor-syntax-quick-reference.aspx

小开

I'm using ASP.NET MVC and Razor under Mono.

I couldn't get HtmlHelper from System.Web.WebPages of System.Web.Mvc for some reasons.

But I managed to output unencoded string after declaring model's property as RazorEngine.Text.RawString. Now it outputs as expected.

Example

@{
var txt = new RawString("some text with \"quotes\"");
var txt2 = "some text with \"quotes\"";
}
<div>Here is unencoded text: @txt</div>
<div>Here is encoded text: @txt2</div>

Output:

<div>Here is unencoded text: some text with "quotes"</div>
<div>Here is encoded text: some text with &quot;quotes&quot;</div>

提交答案