Turn off HTML Encoding in Razor

2019-02-16 07:42发布

问题:

I have a function that returns a snippet of JavaScript and/or HTML.

static public string SpeakEvil()
{
    return "<script>alert('BLAH!!');</script>";
}

In the view, Razor is quite rightly HTML encoding it, as most would expect.

@StaticFunctions.SpeakEvil()

How do I have Razor not HTML Encode this, so that the HTML and JavaScript are emitted verbatim, and that any script actually runs?

回答1:

You could use the Raw() function but it's mostly meant for things that come from the database.

For a helper like you have I would suggest returning an IHtmlString:

static public IHtmlString SpeakEvil() {
    return new HtmlString("<script>alert('BLAH!!');</script>");
}

That way you don't have have to call Raw() at every callsite.



回答2:

Use the Html.Raw helper.

@Html.Raw(StaticFunctions.SpeakEvil())


回答3:

Return a MvcHtmlString (Inherits from HtmlString) by calling the MvcHtmlString.Create() method like so:

public static MvcHtmlString SpeakEvil()
{
    return MvcHtmlString.Create("<script>alert('BLAH!!');</script>");
}


You could also make it into an String extension:

public static MvcHtmlString HtmlSafe(this string content)
{
    return MvcHtmlString.Create(content);
}


Source:
http://geekswithblogs.net/shaunxu/archive/2010/04/10/lt-gt-htmlencode-ihtmlstring-and-mvchtmlstring.aspx