asp.net - Emitting unencoded strings in a Razor view


According to ScottGu's blog, content emitted using a @ block is automatically HTML-encoded by default to protect against XSS attack scenarios. My question is: how can you output a non-HTML-encoded string?

For simplicity, stick to this simple case:

    @{
        var html = "<a href='#'>click me</a>";
        // I want to emit the previous string as pure HTML code...
    }

This is my favorite approach:

    @Html.Raw("<p>My paragraph text</p>")

Source: Phil Haack's Razor syntax reference.
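
Added example (not part of the original question or answer, and not code from the referenced blog posts): `Html.Raw` switches off the encoding that protects against XSS, so when any part of the markup comes from user input, one option is to encode those parts and return an `IHtmlString`, which Razor emits without encoding it again. `Example.Helpers`, `SafeLink`, `Anchor`, `Model.Url` and `Model.Label` are hypothetical names, and the `System.Web` types assume ASP.NET MVC on .NET Framework.

```csharp
using System;
using System.Web; // HtmlString, IHtmlString, HttpUtility

namespace Example.Helpers // hypothetical namespace
{
    // Hypothetical helper: builds the <a> element from the question with
    // its dynamic parts encoded, so the view never needs Html.Raw on user data.
    public static class SafeLink
    {
        public static IHtmlString Anchor(string href, string text)
        {
            // Encoding alone does not neutralise a javascript: URL,
            // so anything that is not an allowed link falls back to "#".
            string safeHref = IsSafeHref(href) ? href : "#";

            string markup =
                "<a href=\"" + HttpUtility.HtmlAttributeEncode(safeHref) + "\">"
                + HttpUtility.HtmlEncode(text ?? string.Empty)
                + "</a>";

            // Razor writes an IHtmlString as-is; only the tag structure is raw,
            // the values inside it were encoded above.
            return new HtmlString(markup);
        }

        // Allows in-page fragments and absolute http/https URLs only.
        private static bool IsSafeHref(string href)
        {
            if (string.IsNullOrEmpty(href)) return false;
            if (href[0] == '#') return true;

            Uri uri;
            return Uri.TryCreate(href, UriKind.Absolute, out uri)
                && (uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps);
        }
    }
}

// Usage in a view (Model.Url and Model.Label are assumed, untrusted values):
//   @html                                     HTML-encoded by Razor (the default)
//   @Html.Raw(html)                           emitted as markup; keep for trusted constants
//   @SafeLink.Anchor(Model.Url, Model.Label)  markup emitted raw, values encoded
```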

