asp.net - Emitting unencoded strings in a Razor view -
As per ScottGu in his blog «HTML HTML XSS attack automatically by the default content emitted using a @ block Scenarios » My question is how can you output a non-HTML-encoded string?
For simplicity, stick to this simple matter:
@ {var html = "& lt; a href = '#' & gt; click me & Lt; / a & gt; // I want to emit the last string as a pure HTML code ...}
This is my favorite view:
@ html.Raw ("
< / Pre>My paragraph text ")
Source Phil hack razor syntax reference:
Comments
Post a Comment