什么是ASP.Net Core 2.0中[AllowHtml]的替代项 [英] What is the alternate of [AllowHtml] in ASP.Net Core 2.0
问题描述
我想将CKEditor集成到我的MVC Core 2.0应用程序中,在以前的版本中,我通过在字符串属性中添加[AllowHTML]数据注释来使用它.但是在ASP.Net Core中,我找不到将HTML插入字符串输入中的正确方法.
I want to integrate CKEditor in my MVC Core 2.0 Application, in previous version I used it by adding [AllowHTML] data annotation to my string property. But in ASP.Net Core I could not find the right way to insert HTML into string input.
我在ASP.Net MVC 5中的代码
My code in in ASP.Net MVC 5
[AllowHtml]
[DataType(DataType.MultilineText)]
public string Profile { get; set; }
但是在ASP.Net Core 2.0中[AllowHtml]无法正常工作.我在Google中进行了搜索,但除了此链接 https://docs.microsoft.com/zh-cn/aspnet/core/security/cross-site-scripting
but in ASP.Net Core 2.0 [AllowHtml] is not working. I searched in google but could not find right solution except this link https://docs.microsoft.com/en-us/aspnet/core/security/cross-site-scripting
[DataType(DataType.MultilineText)]
public string Profile { get; set; }
我真的很困扰这个问题,需要.Net专家的帮助,谢谢.
I am really stuck with this issue and need help from .Net experts, Thanks.
推荐答案
使用Asp.Net Core剃须刀,您可以通过以下方式将原始html输出到页面中:
Using Asp.Net Core razor you can output raw html into the page via the following:
@Html.Raw(theString)
我有义务指出,您需要确保theString
包含要输出的安全HTML,这样它才不会对XSS攻击敞开大门.
I feel obligated to point out that you need to ensure that theString
contains safe HTML to output such that it isn't an open door for XSS attacks.
这篇关于什么是ASP.Net Core 2.0中[AllowHtml]的替代项的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!