If you generate an HTML string like
ViewBag.FinalHTML = "<a href=\"http://stackoverflow.com\">StackOverFlow</a>";
and then try to show it in the View using this code:
This is the best Q&A for programming questions: @ViewBag.FinalHTML
then the result will be this:
This is the best Q&A for programming questions: <a href="http://stackoverflow.com">StackOverFlow</a>
(I know how to do that right. I have another question!)
How does ASP.NET MVC do it?
The @ function uses the HttpUtility.HtmlEncode method to safely encode everything you pass to it. If you don't want this automatic encoding to happen, use the @Html.Raw method:
Obviously, by doing this you should make sure that this FinalHTML is absolutely never coming from user input but is generated by you on the server. Otherwise you are opening a huge XSS hole in your website.
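The following is an added example, not code from the question or the answer above. It is a stand-alone C# console program (assumes a .NET app that can reference System.Web.HttpUtility) that reproduces what Razor's @ does with the string (HttpUtility.HtmlEncode) versus what @Html.Raw does (write it unchanged), shows why the answer's caveat matters with a constructed attacker string, and adds a hypothetical BuildLink helper that encodes untrusted pieces per context before the assembled markup is handed to Html.Raw. In a Razor view the equivalent of the raw path is @Html.Raw(ViewBag.FinalHTML).

```csharp
// Added example: reproduces Razor's encoding behaviour outside a view.
// Not from the original question or answer; BuildLink is a hypothetical helper.
using System;
using System.Web;   // HttpUtility (System.Web.HttpUtility.dll on .NET Core / .NET 5+)

static class RazorEncodingDemo
{
    // What Razor's @ViewBag.FinalHTML effectively does before writing to the response.
    static string RazorAt(object value) => HttpUtility.HtmlEncode(value?.ToString() ?? "");

    // What @Html.Raw(...) does: the string is written to the page unchanged.
    static string HtmlRaw(string html) => html;

    // Hypothetical helper for the case where parts of the link are NOT trusted:
    // encode each piece for the context it lands in (attribute value vs. element text),
    // reject non-http(s) schemes, and only the assembled markup, which is now under
    // your control, is what you would pass to Html.Raw.
    static string BuildLink(string href, string text)
    {
        if (!Uri.TryCreate(href, UriKind.Absolute, out var uri)
            || (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps))
            throw new ArgumentException("only http(s) links are allowed", nameof(href));

        return "<a href=\"" + HttpUtility.HtmlAttributeEncode(uri.AbsoluteUri) + "\">"
             + HttpUtility.HtmlEncode(text) + "</a>";
    }

    static void Main()
    {
        // The server-generated string from the question.
        string finalHtml = "<a href=\"http://stackoverflow.com\">StackOverFlow</a>";

        // 1. Default Razor behaviour: markup is escaped and shows up as literal text.
        Console.WriteLine(RazorAt(finalHtml));

        // 2. @Html.Raw behaviour: rendered as a real link. Safe only because finalHtml is ours.
        Console.WriteLine(HtmlRaw(finalHtml));

        // 3. Why the caveat matters: a constructed attacker string through Html.Raw would run script.
        string fromUser = "<img src=x onerror=\"alert(document.cookie)\">";   // constructed attacker input
        Console.WriteLine(RazorAt(fromUser));   // harmless text after encoding
        // Console.WriteLine(HtmlRaw(fromUser)); // would execute in the browser: never do this

        // 4. Untrusted pieces encoded per context, then assembled: now safe to pass to Html.Raw.
        Console.WriteLine(BuildLink("http://stackoverflow.com", "StackOverFlow"));
        Console.WriteLine(BuildLink("http://stackoverflow.com/?q=\"><script>",
                                    "\"><script>alert(1)</script>"));
        try { BuildLink("javascript:alert(1)", "click"); }
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

The design point is the one the answer makes: Html.Raw itself is not the problem, the provenance of the string is. If any part of the markup comes from a user, encode that part for the exact context it is inserted into (HtmlAttributeEncode inside a quoted attribute, HtmlEncode for element text) and validate the URL scheme, so that the only thing reaching Html.Raw is markup you assembled yourself.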