Replace line break characters with
in ASP.NET MVC Razor view

Question

I have a textarea control that accepts input. I am trying to later render that text to a view by simply using:

@Model.CommentText

This is properly encoding any values. However, I want to replace the line break characters with <br /> and I can't find a way to make sure that the new br tags don't get encoded. I have tried using HtmlString but haven't had any luck yet.

I presume linebreaks are stored as `\n` in the database and you want to convert to a `
`? — Marko, Nov 18 '10 at 22:45

Jacob Krall · Accepted Answer · 2017-11-21T19:07:03.000

782

Use the CSS white-space property instead of opening yourself up to XSS vulnerabilities!

<span style="white-space: pre-line">@Model.CommentText</span>

edited Nov 21 '17 at 19:07

answered Sep 29 '11 at 20:01

Jacob Krall

28,341
6
66
76

9

http://www.quirksmode.org/css/whitespace.html has a good explanation of `pre-line` (I was only aware of `nowrap` and `pre`). – James Skemp Aug 12 '12 at 16:24
53

actually `white-space: pre-wrap;` is better since `pre-line` will mess with your text by grouping white spaces into one space. – Chtioui Malek Jun 24 '13 at 10:58
2

@ChtiwiMalek: I certainly agree that you usually want to preserve all white space, but the original question asked about converting linebreaks into `
`s – Jacob Krall Jun 24 '13 at 15:06
7

Unfortunately this won't work in almost any email client (including Office 2013). – Roger Far Dec 04 '14 at 20:19
3

One caveat with this approach is that due to browser bugs the new lines will be lost on copy-paste. See https://bugzilla.mozilla.org/show_bug.cgi?id=1174452 and https://code.google.com/p/chromium/issues/detail?id=317365 – thelem Nov 02 '15 at 10:58

score 121 · Answer 2 · edited May 23 '17 at 11:54

121

Try the following:

@MvcHtmlString.Create(Model.CommentText.Replace(Environment.NewLine, "<br />"))

Update:

According to marcind's comment on this related question, the ASP.NET MVC team is looking to implement something similar to the <%: and <%= for the Razor view engine.

Update 2:

We can turn any question about HTML encoding into a discussion on harmful user inputs, but enough of that already exists.

Anyway, take care of potential harmful user input.

@MvcHtmlString.Create(Html.Encode(Model.CommentText).Replace(Environment.NewLine, "<br />"))

Update 3 (Asp.Net MVC 3):

@Html.Raw(Html.Encode(Model.CommentText).Replace("\n", "<br />"))

edited May 23 '17 at 11:54

Community

1
1

answered Nov 18 '10 at 22:44

Omar

39,496
45
145
213

18

Oh my GOD, no. What if I decide to comment about some ` – Darin Dimitrov Nov 18 '10 at 22:49
4

Thanks - that worked. Was very close but must have been doing the replace too soon or too late. I ended up using this: @MvcHtmlString.Create(Html.Encode(Model.CommentText).Replace("\n", "
")) because Environment.NewLine wasn't working right. – bkaid Nov 18 '10 at 23:39
@thekaido - I recommend that you do all the replacing and encoding in the controller and passing a `IHtmlString` to the view or creating a custom `HtmlHelper` that does all this for you. Seeing this line of code in a view can be painful. – Omar Nov 19 '10 at 00:15
3

Environment.NewLine doesn't really apply to form posts since browsers usually return just `\n` instead of `\r\n` – Buildstarted Nov 19 '10 at 01:07
20

For the released version of MVC 3, the suggestion appears to be @Html.Raw(Html.Encode(Model.CommentText).Replace(Environment.NewLine, "
")), instead of using MvcHtmlString. At least for display. – James Skemp Mar 31 '11 at 20:25
2

Environment.NewLine represent "\r\n". If my user entered data using linux or mac, linebreaks are just "\n" or "\r". Isn't there a method somewhere that takes this into account? – SandRock Jan 18 '12 at 22:52
3

Even with MVC3 this solution looks quite ugly. It's rather long, you have to look twice to be sure everything gets encoded right and you have problems with different kinds of newlines. The CSS-based solution below is much better! – Stefan Paul Noack Feb 02 '12 at 12:14
@SandRock: "Some\r\n string\nand a newline ".Replace("\r", "").Replace("\n", "
") note that you can safely omit Replace("\r", "") – Stefan Steiger Sep 04 '12 at 14:34
@Quandary a bit too brute-force to me. Prefer checking the kind of linebreak before replacing: https://gist.github.com/3653055 – SandRock Sep 06 '12 at 08:33

score 12 · Answer 3 · answered Dec 09 '14 at 14:23

Split on newlines (environment agnostic) and print regularly -- no need to worry about encoding or xss:

@if (!string.IsNullOrWhiteSpace(text)) 
{
    var lines = text.Split(new[] { '\r', '\n' }, StringSplitOptions.RemoveEmptyEntries);
    foreach (var line in lines)
    {
        <p>@line</p>
    }
}

(remove empty entries is optional)

score 10 · Answer 4 · answered Nov 02 '15 at 11:43

10

Omar's third solution as an HTML Helper would be:

public static IHtmlString FormatNewLines(this HtmlHelper helper, string input)
{
    return helper.Raw(helper.Encode(input).Replace("\n", "<br />"));
}

answered Nov 02 '15 at 11:43

thelem

2,642
1
24
34

score 5 · Answer 5 · answered Jan 02 '13 at 23:59

Applying the DRY principle to Omar's solution, here's an HTML Helper extension:

using System.Web.Mvc;
using System.Text.RegularExpressions;

namespace System.Web.Mvc.Html {
    public static class MyHtmlHelpers {
        public static MvcHtmlString EncodedReplace(this HtmlHelper helper, string input, string pattern, string replacement) {
            return new MvcHtmlString(Regex.Replace(helper.Encode(input), pattern, replacement));
        }
    }
}

Usage (with improved regex):

@Html.EncodedReplace(Model.CommentText, "[\n\r]+", "<br />")

This also has the added benefit of putting less onus on the Razor View developer to ensure security from XSS vulnerabilities.

My concern with Jacob's solution is that rendering the line breaks with CSS breaks the HTML semantics.

score 4 · Answer 6 · answered Mar 26 '14 at 23:44

I needed to break some text into paragraphs ("p" tags), so I created a simple helper using some of the recommendations in previous answers (thank you guys).

public static MvcHtmlString ToParagraphs(this HtmlHelper html, string value) 
    { 
        value = html.Encode(value).Replace("\r", String.Empty);
        var arr = value.Split('\n').Where(a => a.Trim() != string.Empty);
        var htmlStr = "<p>" + String.Join("</p><p>", arr) + "</p>";
        return MvcHtmlString.Create(htmlStr);
    }

Usage:

@Html.ToParagraphs(Model.Comments)

score 0 · Answer 7 · answered Nov 30 '19 at 23:20

I prefer this method as it doesn't require manually emitting markup. I use this because I'm rendering Razor Pages to strings and sending them out via email, which is an environment where the white-space styling won't always work.

public static IHtmlContent RenderNewlines<TModel>(this IHtmlHelper<TModel> html, string content)
{
    if (string.IsNullOrEmpty(content) || html is null)
    {
        return null;
    }

    TagBuilder brTag = new TagBuilder("br");
    IHtmlContent br = brTag.RenderSelfClosingTag();
    HtmlContentBuilder htmlContent = new HtmlContentBuilder();

    // JAS: On the off chance a browser is using LF instead of CRLF we strip out CR before splitting on LF.
    string lfContent = content.Replace("\r", string.Empty, StringComparison.InvariantCulture);
    string[] lines = lfContent.Split('\n', StringSplitOptions.None);
    foreach(string line in lines)
    {
        _ = htmlContent.Append(line);
        _ = htmlContent.AppendHtml(br);
    }

    return htmlContent;
}

Replace line break characters with
in ASP.NET MVC Razor view

7 Answers7

Update:

Update 2:

Update 3 (Asp.Net MVC 3):

Linked

Related

Replace line break characters with in ASP.NET MVC Razor view

7 Answers7

Update:

Update 2:

Update 3 (Asp.Net MVC 3):

Linked

Related

Replace line break characters with
in ASP.NET MVC Razor view