What is the alternate of [AllowHtml] in ASP.Net Core 2.0

Question

I want to integrate CKEditor in my MVC Core 2.0 Application, in previous version I used it by adding [AllowHTML] data annotation to my string property. But in ASP.Net Core I could not find the right way to insert HTML into string input.

My code in in ASP.Net MVC 5

[AllowHtml]
[DataType(DataType.MultilineText)]
public string Profile { get; set; }

but in ASP.Net Core 2.0 [AllowHtml] is not working. I searched in google but could not find right solution except this link https://learn.microsoft.com/en-us/aspnet/core/security/cross-site-scripting

[DataType(DataType.MultilineText)]
public string Profile { get; set; }

I am really stuck with this issue and need help from .Net experts, Thanks.

It no longer exists - refer [Generate web page from Database using AllowHtml in Asp.Net Core 2.0](https://stackoverflow.com/questions/46230623/generate-web-page-from-database-using-allowhtml-in-asp-net-core-2-0) — , Jan 30 '18 at 05:23
Actually I want to integrate CKEDITOR in my application. and @Html.TextAreaFor(item => item.Profile, new { @id = "editor1" }) render CKEDITOR correctly but when I use HTML Tag Helpers it does not render CKEDITOR — Shafi Shaikh, Jan 30 '18 at 05:32
CKEDITOR not working when I use public string Profile { get; set; } — Shafi Shaikh, Jan 30 '18 at 05:36
Thanks Stephen, CKEDITOR started working now. It was a CSS id issue. — Shafi Shaikh, Jan 30 '18 at 09:15

score 1 · Answer 1 · answered Jan 30 '18 at 13:47

1

Using Asp.Net Core razor you can output raw html into the page via the following:

     @Html.Raw(theString)

I feel obligated to point out that you need to ensure that theString contains safe HTML to output such that it isn't an open door for XSS attacks.

answered Jan 30 '18 at 13:47

RonC

31,330
19
94
139

Thanks, I already did that and its working fine. That topic already resolved. – Shafi Shaikh Jan 30 '18 at 13:57

What is the alternate of [AllowHtml] in ASP.Net Core 2.0

1 Answers1

Linked