什么是ASP.Net Core 2.0中[AllowHtml]的替代项 [英] What is the alternate of [AllowHtml] in ASP.Net Core 2.0

问题描述

我想将CKEditor集成到我的MVC Core 2.0应用程序中，在以前的版本中，我通过在字符串属性中添加[AllowHTML]数据注释来使用它.但是在ASP.Net Core中，我找不到将HTML插入字符串输入中的正确方法.

I want to integrate CKEditor in my MVC Core 2.0 Application, in previous version I used it by adding [AllowHTML] data annotation to my string property. But in ASP.Net Core I could not find the right way to insert HTML into string input.

我在ASP.Net MVC 5中的代码

My code in in ASP.Net MVC 5

[AllowHtml]
[DataType(DataType.MultilineText)]
public string Profile { get; set; }

但是在ASP.Net Core 2.0中[AllowHtml]无法正常工作.我在Google中进行了搜索，但除了此链接 https://docs.microsoft.com/zh-cn/aspnet/core/security/cross-site-scripting

but in ASP.Net Core 2.0 [AllowHtml] is not working. I searched in google but could not find right solution except this link https://docs.microsoft.com/en-us/aspnet/core/security/cross-site-scripting

[DataType(DataType.MultilineText)]
public string Profile { get; set; }

我真的很困扰这个问题，需要.Net专家的帮助，谢谢.

I am really stuck with this issue and need help from .Net experts, Thanks.

推荐答案

使用Asp.Net Core剃须刀，您可以通过以下方式将原始html输出到页面中:

Using Asp.Net Core razor you can output raw html into the page via the following:

     @Html.Raw(theString)

我有义务指出，您需要确保theString包含要输出的安全HTML，这样它才不会对XSS攻击敞开大门.

I feel obligated to point out that you need to ensure that theString contains safe HTML to output such that it isn't an open door for XSS attacks.

这篇关于什么是ASP.Net Core 2.0中[AllowHtml]的替代项的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！