locked
How to use HtmlDecode ? RRS feed

  • Question

  • User-1370514677 posted

    Hi everyone,

    I'm reading this article : Encode and decode a piece of text to its HTML equivalent - HTML Entities Encoder / Decoder | Web 2.0 Generators (web2generators.com)

    And I'd like to know the best way to use HtmlDecode inside a View ?

    I found this doc : HttpUtility.HtmlDecode Method (System.Web) | Microsoft Docs

    But it doesn't seem to really work here :

            [HttpGet]
            public async Task<IActionResult> Read(int Id)
            {
                var article = await _articleDbContext.Articles.FindAsync(Id);
    
                var readArticleViewModel = new ReadArticleViewModel{
                    AuthorName = (await _userManager.FindByIdAsync(article.AuthorId)).UserName,
                    PublicationDate = article.PublicationDate.ToString("dd/MM/yyyy"),
                    Title = article.Title,
                    Description = article.Description,
                    Content =  System.Web.HttpUtility.HtmlDecode(article.Content),
                };
    
                return View(readArticleViewModel);
            }
    using System;
    
    namespace WebApp.ViewModels.Article
    {
        public class ReadArticleViewModel
        {
            public string AuthorName { get; set; }
            public string PublicationDate { get; set; }
            public string Title { get; set; }
            public string Description { get; set; }
            public string Content { get; set; }
        }
    }

    Indeed :

    <strong>Test</strong>

    will result in :

    &lt;strong&gt;Test&lt;/strong&gt;

    Best regards

    Monday, March 15, 2021 10:41 AM

Answers

  • User475983607 posted

    Rendering HTML is a security risk.  You must opt-in to do this and the Raw helper is the only way I know of.    I recommend fixing your design if you want to use HTML style tag.

    <strong>@ViewData["foo"]</strong>

    Or write a custom tag helper to suite your needs.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, March 16, 2021 7:08 PM

All replies

  • User475983607 posted

    You must opt-in to write raw HTML in a View.   Only do this if you trust the HTML.

    Monday, March 15, 2021 11:32 AM
  • User-1370514677 posted

    Hi @mgebhard,

    Thanks for your answer, what do you mean exactly ?

    Because this is what I've done here isn't it ?

    @model WebApp.ViewModels.Article.ReadArticleViewModel
    
    <div id="article_content">
        <p>Par : @Model.AuthorName</p>
        <p>Rédigé le : @Model.PublicationDate</p>
        <p>@Model.Content</p>
    </div>

    Monday, March 15, 2021 12:16 PM
  • User475983607 posted

    Sorry I forgot the code example.

            [HttpGet]
            public IActionResult Index()
            {
                ViewBag.Data = @"<strong>Test</strong>";
                return View();
            }
    <div>
        @Html.Raw(ViewBag.Data)
    </div>

    Monday, March 15, 2021 12:21 PM
  • User-1370514677 posted

    Hi mgebhard,

    Isn't there a "cleaner" way to do it ? I mean using @Html.Foo instructions is not what I prefer. I like asp-foo style tag helpers or @ViewData["foo"].

    Also I don't get why I wouldn't use my readArticleViewModel ?

    Tuesday, March 16, 2021 4:27 PM
  • User475983607 posted

    Rendering HTML is a security risk.  You must opt-in to do this and the Raw helper is the only way I know of.    I recommend fixing your design if you want to use HTML style tag.

    <strong>@ViewData["foo"]</strong>

    Or write a custom tag helper to suite your needs.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, March 16, 2021 7:08 PM
  • User-1370514677 posted

    All right it works perfectly !

    I just thought that I couldn't use it with a Model.Foo attribute but it works :

    <div id="article_content">
        <p>Par : @Model.AuthorName</p>
        <p>Rédigé le : @Model.PublicationDate</p>
        <p>@Html.Raw(Model.Content)</p>
    </div>

    Thanks !

    Tuesday, March 16, 2021 7:19 PM