ASP.NET MVC Passing Raw HTML from Controller to View
https://stackoverflow.com/questions/12033578
-
27-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have been scratching my head about this for a few days, and I am not sure if it is an issue with my environment or the code itself basing this on being to ASP.NET MVC (although I have 5 years experience in C#). I am using a recent clean install of Win7x64 and VS 2008 with all the patches.
I have raw HTML stored in a database table that is selectively loaded by the controller based on a few rules which I do not have control over. Unfortunately when attempt to stuff the value into a view data in the control like such:
ViewData["HTMLData"] = DAO.HTMLDataGet();
When I see the output, it is escaped/HTML Encoded. I tried using the following all of which did not seem to resolve this issue:
<%: HttpUtility.HtmlDecode(ViewData["HTMLData"].ToString())%>
And...
<%: Server.HtmlDecode(ViewData["HTMLData"].ToString())%>
And...
<%: Html.Raw(ViewData["HTMLData"].ToString())%>
...it grabs the raw HTML from the database table just fine, however it keeps forcing that blasted encoding regardless of what I try. From what I read on the MSDN, there was a foot note about problems resulting from HTML not being decoded properly that contained spaces (which mine does). Since I doubt I am the only one who has faced this I am turning to you folks for some ideas.
I am about to Kludge my way though it with a regex in the view to do page cleanup, but thought it would be better to get some advice from some other folks first before I brute force it.Thanks in advance.
Solution
<%: means "encode if necessary". If you don't want that, then the lazy approach would be to use <%=, but frankly I suggest you instead wrap it in IHtmlString, for example:
string yourEncodedHtml = ...
var html = new MvcHtmlString(yourEncodedHtml);
Now, if you store that and show it, it should take the html "as is".
OTHER TIPS
Try using: <%= %>
<%= Html.Raw(ViewData["HTMLData"].ToString())%>
<%: %> is Syntax for HTML Encoding Output in ASP.NET 4 (and ASP.NET MVC)
How to HTML Encode Content Today
ASP.NET applications (especially those using ASP.NET MVC) often rely on using <%= %> code-nugget expressions to render output. Developers today often use the Server.HtmlEncode() or HttpUtility.Encode() helper methods within these expressions to HTML encode the output before it is rendered.
While this works fine, there are two downsides of it:
It is a little verbose Developers often forget to call the Server.HtmlEncode method – and there is no easy way to verify its usage across an app
New <%: %> Code Nugget Syntax
With ASP.NET 4 we are introducing a new code expression syntax (<%: %>) that renders output like <%= %> blocks do – but which also automatically HTML encodes it before doing so. This eliminates the need to explicitly HTML encode content.
We chose the <%: %> syntax so that it would be easy to quickly replace existing instances of <%= %> code blocks. It also enables you to easily search your code-base for <%= %> elements to find and verify any cases where you are not using HTML encoding within your application to ensure that you have the correct behavior.
