Home/ Questions/Q 8988233
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T21:58:21+00:00

@using MvcMusicStore.Models; @model IEnumerable<Album> @{ ViewBag.Title = List2; string hola = Test <script>alert(‘bip’)</script>; }

  • 0
@using MvcMusicStore.Models;
@model IEnumerable<Album>

@{
ViewBag.Title = "List2";
string hola = "Test <script>alert('bip')</script>";

}

 <h2>@@List2</h2>
 <span>@hola</span>

 <ul>
  @foreach (Album a in Model )
   {
<li>@a.Title,@a.Tipo</li>

}

</ul>

I’ve read that razor automatically html encode strings, but with the code above on my view
i still get the string as is without any encoding.

Btw im running on the localhost just in case it affects in any way.

Thanks in advance

Update:

Thanks to all of your answer specially to Codo answer. The problem was that i was just
looking at the text printed on the page, but not to the page source where the encoded is
reflected.

Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I’ve reduced the test case to the relevant part:

    @{
  string hola = "Test <script>alert('bip')</script>";
}

<span>@hola</span>

    When executed, it produces the following HTML code (when looking at the source HTML):

    <span>Test &lt;script&gt;alert(&#39;bip&#39;)&lt;/script&gt;</span>

    In the browser, it displays:

    Test <script>alert(‘bip’)</script>

    And it does not execute it as Javascript code and does not display an alert box.

    So I’d say it works as advertized and properly encodes the HTML.

    • 0