Turn off HTML Encoding in Razor

Question

I have a function that returns a snippet of JavaScript and/or HTML.

static public string SpeakEvil()
{
    return "<script>alert('BLAH!!');</script>";
}

In the view, Razor is quite rightly HTML encoding it, as most would expect.

@StaticFunctions.SpeakEvil()

How do I have Razor not HTML Encode this, so that the HTML and JavaScript are emitted verbatim, and that any script actually runs?

score 54 · Accepted Answer · answered Feb 11 '11 at 20:32

54

You could use the Raw() function but it's mostly meant for things that come from the database.

For a helper like you have I would suggest returning an IHtmlString:

static public IHtmlString SpeakEvil() {
    return new HtmlString("<script>alert('BLAH!!');</script>");
}

That way you don't have have to call Raw() at every callsite.

answered Feb 11 '11 at 20:32

marcind

5

I'm using the RazorEngine in a non-web application. Neither of your proposed solutions are working for me, in fact, the Html.Raw method call is giving me the following exception: "Unable to compile template. The name 'Html' does not exist in the current context". If I have a MvcHtmlString, or an IHtmlString it still html encodes the text but doesn't throw an exception. – Ben Lesh Jan 16 '12 at 22:11
4

I'm using the RazorEngine outside of a web application, and can't get this to work :( Any ideas? – leypascua Mar 31 '12 at 10:53
@blesh & leypascua http://stackoverflow.com/questions/15273327/how-to-prevent-escaping-html-in-razor-standalone If you are using RazorEngine, then that is covered in this related question: http://stackoverflow.com/questions/15273327/how-to-prevent-escaping-html-in-razor-standalone – Ergwun May 14 '14 at 05:44

score 39 · Answer 2 · answered Feb 11 '11 at 20:07

39

Use the Html.Raw helper.

@Html.Raw(StaticFunctions.SpeakEvil())

answered Feb 11 '11 at 20:07

Oded

Nikkelmann · Answer 3 · 2012-03-21T11:14:32.403

4

Return a MvcHtmlString (Inherits from HtmlString) by calling the MvcHtmlString.Create() method like so:

public static MvcHtmlString SpeakEvil()
{
    return MvcHtmlString.Create("<script>alert('BLAH!!');</script>");
}

You could also make it into an String extension:

public static MvcHtmlString HtmlSafe(this string content)
{
    return MvcHtmlString.Create(content);
}

edited Mar 21 '12 at 11:14

answered Oct 30 '11 at 20:46

Nikkelmann

2

Nitpick, but when I see a method starting with "Is", I assume the method answers a question. i.e. `IsDecimal(0m) => true` – Samantha Branham Mar 19 '12 at 22:08
Fixed :) IsHtmlSafe -> HtmlSafe – Nikkelmann Mar 21 '12 at 11:15

3 Answers3