Part 49: HTML encoding in ASP.NET MVC


In this video, we will discuss
1. What is HTML encoding
2. Why would you HTML encode
3. How to avoid HTML encoding in aspx and razor views

What is HTML encoding?
HTML encoding is the process of replacing ASCII characters with their 'HTML Entity' equivalents. For example, < becomes &lt; and > becomes &gt;.

Why would you HTML encode?
To avoid cross-site scripting attacks, all output is automatically HTML encoded in MVC. We will discuss cross-site scripting attacks in a later video session.

Avoiding HTML encoding in razor views:
Sometimes, we have to avoid HTML encoding. There are 2 ways to disable HTML encoding:
1. @Html.Raw("YourHTMLString")
2. Strings of type IHtmlString are not encoded

Consider the following custom Image() html helper.
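using System.Web;
using System.Web.Mvc;

public static class CustomHtmlHelpers
{
    // Returns IHtmlString, so Razor writes the markup without encoding it again.
    public static IHtmlString Image(this HtmlHelper helper, string src, string alt)
    {
        TagBuilder tb = new TagBuilder("img");
        // Resolve an application-relative path ("~/...") to an absolute one.
        tb.Attributes.Add("src", VirtualPathUtility.ToAbsolute(src));
        tb.Attributes.Add("alt", alt);
        return new MvcHtmlString(tb.ToString(TagRenderMode.SelfClosing));
    }
}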

Notice that this custom Image() HTML helper method returns a value of type IHtmlString. Strings of type IHtmlString are excluded from HTML encoding. So, when we invoke the Image() helper method from a razor view, the image is rendered as expected.

However, if you modify the Image() method to return a value of type System.String, the HTML is encoded and that's what is shown on the view, instead of actually rendering the image.

The @Html.Raw() method can also be used to avoid automatic HTML encoding. Notice that the string returned by the Image() method is passed as the input to the Raw() method, which renders the image as expected. Raw() writes the string exactly as given, so any dynamic values inside it must already be encoded.
@Html.Raw(Html.Image(Model.Photo, Model.AlternateText))
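
Because Razor does not encode an IHtmlString, a helper that returns one has to encode its own dynamic values. The following is an added example, not code from the original tutorial: it contrasts markup built by concatenation with the TagBuilder approach used by Image(). The class and method names and the sample values are constructed, and it assumes a project that references System.Web and System.Web.Mvc.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Added example. ImageEncodingDemo, ConcatImage and BuilderImage are hypothetical names.
public static class ImageEncodingDemo
{
    // Risky pattern: markup built by concatenation and wrapped in MvcHtmlString.
    // Razor trusts IHtmlString, so nothing encodes alt before it reaches the page.
    public static IHtmlString ConcatImage(string src, string alt)
    {
        return new MvcHtmlString("<img src=\"" + src + "\" alt=\"" + alt + "\" />");
    }

    // Pattern used by the Image() helper: TagBuilder attribute-encodes each value
    // when the tag is rendered, so alt cannot terminate the attribute early.
    public static IHtmlString BuilderImage(string src, string alt)
    {
        TagBuilder tb = new TagBuilder("img");
        tb.Attributes.Add("src", src);
        tb.Attributes.Add("alt", alt);
        return new MvcHtmlString(tb.ToString(TagRenderMode.SelfClosing));
    }

    public static void Main()
    {
        // Constructed sample: alt text as it might arrive from a database column.
        string src = "/Photos/john.png";
        string alt = "John \"JS\" Smith & <team>";

        Console.WriteLine("Concatenated: " + ConcatImage(src, alt).ToHtmlString());
        Console.WriteLine("TagBuilder:   " + BuilderImage(src, alt).ToHtmlString());

        // What Razor does to a System.String return value: the whole tag is
        // encoded, which is why the view shows markup text instead of an image.
        string asString = BuilderImage(src, alt).ToHtmlString();
        Console.WriteLine("As string:    " + HttpUtility.HtmlEncode(asString));
    }
}
```

In the concatenated output the quotes inside the alt text end the attribute early, while the TagBuilder output keeps the whole value inside the alt attribute.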


15 COMMENTS

  1. Hi Jim, thank you very much for taking time to give feedback. In the description of this video, I have included the link for ASP.NET, C#, and SQL Server playlists. All the videos are arranged in logical sequence in these playlists, which could be useful to you. Please feel free to share the link with your friends. If you like these videos, please click on the THUMBS UP button below the video. For email alerts, when new videos are uploaded, you may subscribe to my channel.

  2. Thanks so much for taking the time to make these tutorials. After the MVC video series, what do you plan on doing next? Entity Framework, perhaps?

  3. First of all, thank you very much for sharing with us valuable knowledge which shows us a career path. I got one doubt while reading articles on LINQ. They are following different syntaxes to retrieve data from different data sources using LINQ: 1. Query expression syntax 2. Extension method syntax 3. A few of them use a combination of both. My question is: why are they going for different approaches? Can't we achieve everything with a single approach? Is it mandatory to mix both to achieve a few operations?

  4. Sir, there is must to have a foreign key constraint on the tables where we want to join those two or more tables. And how to join more than two tables…

  5. Sir, I wasn't able to answer the question in an interview, which was: what is a thread and multithreading in C#? Master Pages in ASP.NET
