How can I prevert html injection issue in my code. I have function for

Question

0

Editorial Team

Asked: May 28, 20262026-05-28T04:38:43+00:00 2026-05-28T04:38:43+00:00

How can I prevert html injection issue in my code. I have function for

0

How can I prevert html injection issue in my code.

I have function for wrapping all hyperlinks in string to anchor. So I have this

@Html.Raw(Helpers.UtilHelpers.ReplaceLinks(Model.Texts[index].Content))

How can I do this without this dangerous trick? Because in this way, user can do html injection.

My function ReplaceLinks replaces all hyperlinks like http://www.google.com to <a href="google.com">http://www.google.com</a>, so I want to show this line as hyperlink not as text. But I want to show like this only tags generated by my function.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-28T04:38:44+00:00

Use Server.HtmlEncode: http://msdn.microsoft.com/en-us/library/ms525347(v=vs.90).aspx

If the text contains html, it will be shown encoded.

Edit: Added as helper (Extension method)

public static class HtmlUrlExtension
{
    public static string RawUrl( this HtmlHelper html, string url )
    {
         return html.Raw(HttpServerUtility.HtmlEncode(url));
    }
}

And use it:

@Html.RawUrl(Model.Texts[index].Content)

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

How can I prevert html injection issue in my code. I have function for

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply