Turn off HTML Encoding in Razor

2019-02-16 07:31发布

I have a function that returns a snippet of JavaScript and/or HTML.

static public string SpeakEvil()
{
    return "<script>alert('BLAH!!');</script>";
}

In the view, Razor is quite rightly HTML encoding it, as most would expect.

@StaticFunctions.SpeakEvil()

How do I have Razor not HTML Encode this, so that the HTML and JavaScript are emitted verbatim, and that any script actually runs?

3条回答
别忘想泡老子
2楼-- · 2019-02-16 07:46

Use the Html.Raw helper.

@Html.Raw(StaticFunctions.SpeakEvil())
查看更多
时光不老,我们不散
3楼-- · 2019-02-16 07:52

Return a MvcHtmlString (Inherits from HtmlString) by calling the MvcHtmlString.Create() method like so:

public static MvcHtmlString SpeakEvil()
{
    return MvcHtmlString.Create("<script>alert('BLAH!!');</script>");
}


You could also make it into an String extension:

public static MvcHtmlString HtmlSafe(this string content)
{
    return MvcHtmlString.Create(content);
}


Source:
http://geekswithblogs.net/shaunxu/archive/2010/04/10/lt-gt-htmlencode-ihtmlstring-and-mvchtmlstring.aspx

查看更多
Explosion°爆炸
4楼-- · 2019-02-16 08:03

You could use the Raw() function but it's mostly meant for things that come from the database.

For a helper like you have I would suggest returning an IHtmlString:

static public IHtmlString SpeakEvil() {
    return new HtmlString("<script>alert('BLAH!!');</script>");
}

That way you don't have have to call Raw() at every callsite.

查看更多
登录 后发表回答