I've implemented the solution explained in this post How to get tweet's HTML with LinqToTwitter? but when I display my tweets the HTML links appear like this
<a class="inline" href="http://twitter.com/cgitosh" target="_blank">#cgitosh</a> And how are you?
instead of just showing #cgitosh And how are you? with #cgitosh linking to the twitter account.
What I'm I not doing right?
Razor code snipet:
#{var tweet = TwitterExtensions.Text2Html(item.Text);}
<div>#tweet</div>
So I basically pass the tweet text to the Text2HTML function which is explained in the link provided above which returns the tweet with links to the variable tweet which I then output in my view
Try:
#{var tweet = TwitterExtensions.Text2Html(item.Text);}
<div>#(new HtmlString(tweet))</div>
...and unless you're using tweet elsewhere, you could just do
<div>#(new HtmlString(TwitterExtensions.Text2Html(item.Text)))</div>
Razor by default HTML encodes strings, so you have to explicitly tell it to render it as markup. (See here.) Hope this helps!
Try like this:
<div>#Html.Raw(tweet)</div>
The Html.Raw method will not HTML encode the output which is what Razor does by default.
Related
I am trying to dynamically generate subjects in a mailTo link with a number using Razor from a html page. The Razor with the number is #Model.Number and I have been able to embed the number in the link, but not in the subject part of the link.
As in the code below, putting the Razor in the subject part of the link causes the email link to open with a subject that writes out #Model.Number literally. Putting it before the ?subject part does allow me to embed it. Is there a way to use the #model.Number razor in the subject of an email link?
#Email us
(Please note: my question differs from other similar questions as they do not attempt to embed Razor in the subject part of a link)
The dynamic value #Model.Number needs to be escaped with brackets to prevent getting parsed as a literal string, like this:
#Email us
You might try:
<a href='#("mailto:email#test.com?subject=Policy%20" + #Model.Number)'>#Email us</a>
or
<a href='#(String.Format("{0}{1}", "mailto:email#test.com?subject=Policy%20", #Model.Number)'>#Email us</a>
Is there a way to render HTML tags from a ViewBag? I am pulling article content out of a database, but the HTML tags included in the article aren't rendered.
For example:
ViewBag.ArticleContent = "Machine <strong>Language</strong> Content";
The tag doesn't render, it just shows up as text. This is a static string, but I get the same issue when I assign to ViewBag.ArticleContent from the database.
I figured it out. This appears to be working:
#Html.Raw(ViewBag.ArticleContent)
I use Tinymce to edit article body in my asp.net mvc application. I also put [ValidateInput(false)] on 'Edit' Action result, and I get no errors, but When I want to show the article body to user, even by using Html.Raw(article.Body), it show raw html tags and not the formaytted text. Here is a example of out put:
<p><span style="text-decoration: underline;"><strong>dsadad asdsadad asdsadadad</strong></span></p>
ps: I use AntiXss library.
It looks like AntiXss is encoding the HTML so < will become <. To decode it back to HTML, try this:
#Html.Raw(HttpUtility.HtmlDecode(article.Body))
I have MVC 1.0 app on VS2008.
I have webpage that has a search form fields and then when search button clicked uses
Ajax.BeginForm to load results in a div. Works great!
But the results have a pager that just uses an anchor with href passing in page index to controller action.
Of course the same action that is used when the search button is clicked.
So what happens is the results are displayed in new page by themselves. Because the links
are not called using Ajax.
So how can I structure my views and actions so that when a link is clicked in the pager
that the form is submitted to the action as well as the page index for the results??
Do you understand me??
Malcolm
I think I understand what you are saying.
Currently, you're using Ajax to dynamically update your results to a div. Kewl.
The trick here is to make sure each 'page' in the pager has a similar javascript function defined on the onclick event. This way, the pager doesn't do a 'postback' to the server, but the javascript method is ran ... which calls some ajax.
here's some sample html...
<a href="#" onclick="DoPagedSearch(1)>1</a> |
<a href="#" onclick="DoPagedSearch(2)>2</a> .. etc
does this make sence? make sure the pager is NOT inside a form AND notice the '#' characters? that makes sure that when u click on the text, it doesn't try and goto another HTML page, elsewhere.
Do you know how to wire up any javascript to an html element? How do u create the html code for the pager?
try that and keep us posted.
Use jquery to have the page anchors make an ajax call to the controller. Return the results as JSON or xhtml or whatever format makes you feel happy and use that to replace the content of the div, or build up and replace the contents if JSON.
If you haven't dug into jquery, I highly recommend it. The documentation is rather excellent. Let me provide you a few useful links for this:
JSON.net serializer
jQuery Documentation
fair example of using jquery for paging
The example uses an rss feed (xml) as the source, but It should get you going.
I am using FckEditor in Create.aspx page in asp.net mvc application.
Since I need to show rich text in web pages, I used ValidateInput(false) attribute top of action method in controller class.
And I used Html.Encode(Model.Message) in Details.aspx to protect user's attack.
But, I had result what I did not want as following :
<p> Hello </p>
I wanted following result not above :
Hello
How can I show the text what user input?
Thanks in advance
The short answer is that HTMLEncode is making your markup show like that. If you don't HTMLEncode, it will do what you want.
You need to think about whether or not you need full control of markup, who is entering the markup, and if an alternative like BBCode is an option.
If your users using the editor are all sure to be 'safe' users, then XSS isn't likely to be as much a concern. However, if you are using this on a comment field, then BBCode, or something like SO itself uses is more appropriate.
You wont be able to use a WYSIWYG editor and do HTMLEncode though... (without BBCode, or some other token system)
It seems the user entered "<p> Hello </p>" (due to pressing Enter?) into the edit control, and it is displaying correct in the HTML as you have done an Html.Encode. E.g. the paragrahs are not rendered, they are outputted as "<p>..</p>" as the string is HTML encoded into something like "<p> Hello <p>".
If you do not want tags, I would suggest searching the text string for tags (things with <...>) and removing them from the inputted text. Do this before HTML.Encode.
...or am I missing something?
You can use HttpServerUtility.HtmlEncode(String)