1

So, I have a WordPress-like website in ASP.NET MVC 5, where I can create websites for my customers. Now one of the customers' websites needed a text box to add HTML content. So, I added [AllowHtml] for that text box, so I am able to successfully save the text box content to the DB. Now my question is how to render it in the front end. I mean I have a model property as

public string htmlcontent {get;set;}

and the value I am getting from Database is

<p>abc</p>.

Now what is the best way to render it in my cshtml file. If I do something like

@Model.htmlcontent

My output is simply <p>abc</p> as plain text. But I want the DOM to understand the HTML content and attributes and render it accordingly.

3
  • If you allow that everyone can enter not only HTML, but also JavaScript, which is then executed on every user's machine. Please get familiar with XSS (cross-site scripting): owasp.org/index.php/Cross-site_Scripting_(XSS) Commented Jun 14, 2017 at 16:03
  • Only I have access to the settings page as an admin. So basically only I can log in to the settings page and make changes as per the client's demand. Commented Jun 14, 2017 at 16:05
  • But I will read the article. Thanks. :) Commented Jun 14, 2017 at 16:05

1 Answer

5

You need to tell the Razor engine not to escape your string using Html.Raw:

@Html.Raw(Model.htmlcontent)

2 Comments

Can you put one line of explanation why Raw works but normal rendering w/o Raw does not work?
By default all strings output through Razor are escaped/encoded, so for example > becomes &gt;. By using Html.Raw you're telling the Razor engine not to escape any characters in the output, sending it "raw" to the browser.
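
An added example, not part of the original answer or thread: because Html.Raw switches off Razor's encoding entirely, one way to keep the rendered markup while limiting what stored content can do is to pass it through an allowlist sanitizer before it is written out unencoded. It assumes the third-party HtmlSanitizer NuGet package; the `SafeHtml` class, the `Site.Helpers` namespace and the tag list are hypothetical choices for illustration.

```csharp
// Added example. Assumes the HtmlSanitizer NuGet package
// (namespace Ganss.Xss; older releases use Ganss.XSS).
using System.Web;
using Ganss.Xss;

namespace Site.Helpers // hypothetical namespace
{
    public static class SafeHtml // hypothetical helper name
    {
        // Configured once, then shared for every render call.
        private static readonly HtmlSanitizer Sanitizer = Build();

        private static HtmlSanitizer Build()
        {
            var s = new HtmlSanitizer();

            // Replace the library defaults with a short allowlist: anything not
            // listed (script, iframe, form, style, ...) is removed from the output.
            s.AllowedTags.Clear();
            foreach (var tag in new[] { "p", "br", "b", "i", "strong", "em",
                                        "ul", "ol", "li", "a", "h2", "h3" })
                s.AllowedTags.Add(tag);

            // Only link attributes survive, so event-handler attributes
            // such as onclick or onerror are dropped.
            s.AllowedAttributes.Clear();
            s.AllowedAttributes.Add("href");
            s.AllowedAttributes.Add("title");

            // Restrict URL schemes so javascript: and data: links are rejected.
            s.AllowedSchemes.Clear();
            s.AllowedSchemes.Add("http");
            s.AllowedSchemes.Add("https");
            return s;
        }

        // Returns IHtmlString, which Razor writes without encoding, exactly as
        // Html.Raw does, but only after the markup has been sanitized.
        public static IHtmlString Render(string storedHtml)
        {
            if (string.IsNullOrWhiteSpace(storedHtml))
                return new HtmlString(string.Empty);
            return new HtmlString(Sanitizer.Sanitize(storedHtml));
        }
    }
}

// In the .cshtml view, in place of @Html.Raw(Model.htmlcontent):
//   @Site.Helpers.SafeHtml.Render(Model.htmlcontent)
```

Sanitizing again at render time, even when the value was checked on save, covers rows written to the database before the check existed or by another code path.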
