ASP.NET MVC: how to enable some HTML markup in HTML-encoded content?

Is there any magical existing code in MVC 2 to Html.Encode() content but still allow certain HTML markup, like paragraph marks and breaks? (The content comes from a Linq to SQL field.)

An example of terrible code to achieve an effect:

Html.Encode(Model.fieldName).Replace("&lt;br /&gt;", "<br />")

It would be very nice to overload something and pass it an array (or object) full of allowed html tags.

+3
3 answers

For ASP.NET or MVC there is nothing for this, but it is not so difficult to write your own whitelist with regular expressions and so on. Here is the one that Jeff wrote, although it is rather rough around the edges...

+4

, , , XSS.

"Pro ASP.NET MVC3 Framework": "... - : , ​​ HTML Agility Pack, , , ."

, XSS, , . http://ha.ckers.org/xss.html

+5

I can't think of anything right off the bat, but I think you could write an extension method that lets you pass a parameter / list of elements that are allowed.

Html.Encode(Model.fieldName, List<items> Myitems);

It could modify the valid tags in &lt;, etc., and then encode the rest as usual.

+2
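A sketch of the encode-first, allow-list approach the answers describe, added here as an example and not taken from the original question or answers. The names `AllowListEncoder` and `EncodeAllowing` are hypothetical, and `WebUtility.HtmlEncode` is used in place of `Html.Encode` so the block runs as a plain console program.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Text.RegularExpressions;

public static class AllowListEncoder
{
    // Encode everything, then re-enable only bare, attribute-free tags whose
    // names are on the allow-list. Anything else stays inert encoded text.
    public static string EncodeAllowing(string input, params string[] allowedTags)
    {
        string encoded = WebUtility.HtmlEncode(input ?? string.Empty);
        if (allowedTags == null || allowedTags.Length == 0) return encoded;

        // Tag names are spliced into a regex, so accept alphanumeric names only.
        if (allowedTags.Any(t => !Regex.IsMatch(t ?? "", @"^[A-Za-z][A-Za-z0-9]*$")))
            throw new ArgumentException("Tag names must be alphanumeric.", "allowedTags");

        // Matches the encoded form of <p>, </p>, <br>, <br/>, <br /> only.
        // No attributes are accepted, so onclick=, style=, href= never pass.
        string pattern = @"&lt;(?<close>/?)(?<name>" + string.Join("|", allowedTags)
                       + @")\s*(?<self>/?)&gt;";

        return Regex.Replace(encoded, pattern, m =>
        {
            // Rebuild the tag from the allow-listed name instead of echoing input.
            string name = m.Groups["name"].Value.ToLowerInvariant();
            if (m.Groups["close"].Value == "/") return "</" + name + ">";
            return m.Groups["self"].Value == "/" ? "<" + name + " />" : "<" + name + ">";
        }, RegexOptions.IgnoreCase);
    }

    public static void Main()
    {
        // Constructed sample input: allowed tags mixed with markup that must stay encoded.
        string field = "<p>Hello</p><br /><script>alert(1)</script>"
                     + "<p onclick=\"x()\">hi</p>&lt;br&gt;";
        Console.WriteLine(EncodeAllowing(field, "p", "br"));
    }
}
```

In an MVC view the returned string would be wrapped with `MvcHtmlString.Create(...)` so that `<%: %>` does not encode it a second time. Tags that need attributes (links, images) are outside what this pattern can safely allow and call for a real HTML parser.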

Source: https://habr.com/ru/post/1738916/

