在的Razor视图发光unen codeD字符串 [英] Emitting unencoded strings in a Razor view
问题描述
由于ScottGu在自己的博客帖子«表示默认内容使用@块自动连接HTML codeD,以便更好地对XSS攻击方案»保护发出。
我的问题是:你怎么能输出非HTML-CN codeD字符串
为了简单起见,请坚持这个简单的例子:
@ {
VAR HTML =< A HREF ='#'>点击ME< / A>中
//我要发出previous字符串作为纯HTML code ...
}
这是我最喜欢的方式:
@ Html.Raw(< P>我的一段文字< / P>中)
来源是菲尔哈克的剃刀语法参考:<一href=\"http://haacked.com/archive/2011/01/06/razor-syntax-quick-reference.aspx\">http://haacked.com/archive/2011/01/06/razor-syntax-quick-reference.aspx
As ScottGu says in his blog post «by default content emitted using a @ block is automatically HTML encoded to better protect against XSS attack scenarios». My question is: how can you output a non-HTML-encoded string?
For the sake of simplicity, pls stick to this simple case:
@{
var html = "<a href='#'>Click me</a>"
// I want to emit the previous string as pure HTML code...
}
This is my favorite approach:
@Html.Raw("<p>my paragraph text</p>")
Source was Phil Haack's Razor syntax reference: http://haacked.com/archive/2011/01/06/razor-syntax-quick-reference.aspx
这篇关于在的Razor视图发光unen codeD字符串的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!