Display encoded html with razor

Question

I store encoded HTML in the database.

The only way i could display it correctly is :

<div class='content'>    
   @MvcHtmlString.Create(HttpUtility.HtmlDecode(Model.Content));
</div>

It's ugly. Is there any better way to do this?

Amitabh · Accepted Answer · 2016-12-29T09:59:49.413

157

Try this:

<div class='content'>    
   @Html.Raw(HttpUtility.HtmlDecode(Model.Content))
</div>

edited Dec 29 '16 at 09:59

answered Feb 17 '11 at 15:36

Amitabh

59,111
42
110
159

Thanks! This is better, but still not what I looking for. – jani Feb 17 '11 at 15:52
8

I ended up making an extension method according this idea. @Html.RawDecode(Model.Content) – jani Feb 17 '11 at 15:56
3

Just avoid ; in the end – Giovanny Farto M. Dec 29 '15 at 05:48
This works but its so dirty... ended up making an Extention method with this wrapped, can someone explain why doesnt the .Raw just work? – Egli Becerra Jul 22 '17 at 13:45
1

Just be aware that this will introduce XSS vulnerabilities, so make sure you trust the input. If you need to store and render formatted text from users, use more suitable markup languages like markdown or some custom XML like editors. – Matěj Groman Sep 06 '21 at 16:31

score 49 · Answer 2 · answered Feb 17 '11 at 13:04

49

Use Html.Raw(). Phil Haack posted a nice syntax guide at http://haacked.com/archive/2011/01/06/razor-syntax-quick-reference.aspx.

<div class='content'>
    @Html.Raw( Model.Content )
</div>

answered Feb 17 '11 at 13:04

tvanfosson

524,688
99
697
795

1

Thank for the reply. But i think the Html.Raw() is 'display as it is, do not encode'. So if I use this, then I can't decode my html before I save it to the database. So it will display the user entered content without any 'security' check. So I think this is not the best solution. – jani Feb 17 '11 at 15:05

Muhammad Soliman · Answer 3 · 2013-06-25T21:13:25.380

9

this is pretty simple:

HttpUtility.HtmlDecode(Model.Content)

Another Solution, you could also return a HTMLString, Razor will output the correct formatting:

in the view itself:

@Html.GetSomeHtml()

in controller:

public static HtmlString GetSomeHtml()
{
    var Data = "abc<br/>123";
    return new HtmlString(Data);
}

edited Jun 25 '13 at 21:13

answered May 25 '13 at 15:48

Muhammad Soliman

21,644
6
109
75

score 8 · Answer 4 · answered Jul 21 '14 at 12:55

8

You can also simply use the HtmlString class

    @(new HtmlString(Model.Content))

answered Jul 21 '14 at 12:55

Bellash

7,560
6
53
86

score 1 · Answer 5 · answered Jun 13 '16 at 09:58

I store encoded HTML in the database.

Imho you should not store your data html-encoded in the database. Just store in plain text (not encoded) and just display your data like this and your html will be automatically encoded:

<div class='content'>
    @Model.Content
</div>

score 0 · Answer 6 · answered Mar 26 '20 at 08:01

I just got another case to display backslash \ with Razor and Java Script.

My @Model.AreaName looks like Name1\Name2\Name3 so when I display it all backslashes are gone and I see Name1Name2Name3

I found solution to fix it:

var areafullName =  JSON.parse("@Html.Raw(HttpUtility.JavaScriptStringEncode(JsonConvert.SerializeObject(Model.AreaName)))");

Don't forget to add @using Newtonsoft.Json on top of chtml page.

Display encoded html with razor

6 Answers6

Linked