I'm using MVC 3 with Razor as the view engine. To my understanding, HTML tags are decoded by default to prevent XSS attacks or similar. (I'm also using the MS XSS 4.2.1 library.)
I have a View showing some data
<div class="display-label">Code</div>
<div class="display-field">
@Html.DisplayFor(model => model.Code)
</div>
Model.Code is HTML code for some Banners, I need to display the HTML on the page DECODED.
My question: How can I decode the HTML for just model.Code, leaving the rest ENCODED?
Thanks for your help
To display raw HTML use
@Html.Raw(Model.Code)
Be extremely careful though.
You can use the following to output the data as is, without encoding:
@Html.Raw(Model.Code)
Use @MvcHtmlString.Create(@Model.OurVision)
Related
I am developing an application in which I have used the editor, so when the user submits the data, it is sent to the SQL Server in HTML format.
<p><strong><em>fghfghfghfghfghfghfgdfxvbc</em></strong></p> <ol> <li>.
It is not converted into HTML tags.
I'm using Asp.net Mvc.
The code is as follows:
When adding raw HTML to a page in ASP.NET MVC, you need to use
@Html.Raw("your html string here")
I have a solution that uses asp.net web api to convert data to pdf.
I am using @Raw to display the data in an HTML-formatted manner. But the problem is that if the JSON string contains the HTML <br> it throws an error. Once I change it manually to XHTML <br/> it works fine.
Why can't @Raw handle HTML breaks? Is there a better way to handle HTML tags?
Description
@Raw(@Model.Description)
For security reasons, using the Raw method is not recommended - it does not encode the input string. A better solution, especially when you already use Web API, would be to just return the non-formatted data and do the HTML formatting on the client side, maybe using some template library.
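One way to do the client-side formatting suggested above, as an added example that is not part of the original answer: the API returns plain text only, and the page escapes it before adding its own markup. The function names and the sample response are hypothetical; `<br/>` is emitted so the result is also well-formed XHTML.

```javascript
// Added example: format plain-text data on the client instead of emitting raw HTML.
// escapeHtml, formatDescription, renderDescription and sampleResponse are hypothetical names.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;"
};

// Encode every character that could open a tag, an entity or an attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, ch => HTML_ESCAPES[ch]);
}

// Escape first, then add the only tags this page intends to emit itself:
// one <p> per blank-line-separated block and one <br/> per remaining newline.
function formatDescription(text) {
  return String(text ?? "")
    .replace(/\r\n?/g, "\n")          // normalise Windows/Mac line endings
    .split(/\n{2,}/)                  // blank line = paragraph break
    .map(block => block.trim())
    .filter(block => block.length > 0)
    .map(block => "<p>" + escapeHtml(block).replace(/\n/g, "<br/>") + "</p>")
    .join("");
}

// Constructed sample of what the Web API would return: data only, no markup.
const sampleResponse = {
  Description:
    'Line one\nLine two <script>alert(1)</script>\n\nSecond "paragraph" & more'
};

function renderDescription(response) {
  return formatDescription(response.Description);
}

// In the browser the result can then be assigned safely, for example:
//   $("#MyDiv").html(renderDescription(response));
```

Any markup that arrives inside the data, including a stray `<br>`, is shown as text; only the tags added by `formatDescription` are interpreted by the browser.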
I want to display file on my form using MVC.
I am bringing Byte[] array data from the database, and using FileContentResult I am converting it into a file. I now want to display this file on my page for viewing. How can it be achieved? What code should I write in my View for this?
Assuming you're using Razor, rendering a text file can be done as simply as:
<div>
@(new System.IO.StreamReader("myFile.txt").ReadToEnd())
</div>
For PDF files, you'll have to find a third-party component to convert to HTML.
You probably don't want to use FileContentResult, that is something generally used for providing the raw file.
In theory though there is nothing different in using any other url
<img src="@Url.Action("View", "Image", new { id = Model.key })" />
Or you can provide that link in a pdf reference, or as a stylesheet etc.
I am trying to use the calendar gem in my project (https://github.com/elevation/event_calendar). But when I open the calendar page, it shows the HTML code of the calendar rather than rendering the HTML. Basically the source for the page generated is like
<div class="ec-calendar">
instead of
.
Can anyone let me know what is going on and how to resolve it.
I assume you are using Rails 3? As a security measure against XSS (Cross Site Scripting), Rails 3 renders html inside of strings as text. If you know the html in your string is safe, call html_safe on it, like
'<div class="ec-calendar">'.html_safe
or
raw '<div class="ec-calendar">'
html_safe, I believe, is preferred over raw. Not sure what's different behind the scenes, if anything.
I'm using MVC 3 (the ASPX ViewModel) while I store and display data from my SQL database. I've tried using the raw input to store it as well as using HttpUtility.HtmlEncode. Neither are working when I try to display. I've tried using the HttpUtility.HtmlDecode as well as using <%: Model.MyHtmlVariable %>. Am I missing something?
Using the traditional "<%= html %>" syntax should render it out for you but may not depending on what you're doing. If not, try to wrap it in an HtmlString object, like so:
<%= new HtmlString(html) %>
MVC should respect that and render it out properly.
If you're just looking to display the encoded HTML, the "<%: html %>" syntax is your friend.
You need to create a div to target and set the HTML using a jQuery/JavaScript call to the controller action.
jQuery.get("/Controller/Action",
function(response) {
$("#MyDiv").html(response)
});
See if something like that works.