render HTML in MVC view

  • Question

  • User711271321 posted

    Hello everyone,

    I am using the very popular FCKEditor in my MVC application. I encode the HTML before saving in database and an inspection into the tables shows a correctly encoded HTML.

    The problem is, when I decode that HTML to show in my page, my decoded HTML has tags and not the formatting

    like this:

    <p> <u><em><strong>Test Content</strong></em></u></p>

    What am I supposed to do to output the formatting in the view?


    Thanks in advance




    Thursday, July 8, 2010 6:22 PM

Answers

  • User197322208 posted

    1. Do not encode the HTML.

    2. Do not use

    <%: data %>

    or

    <%= Server.HtmlEncode(data) %>

    but use

    <%= data %>

    If it does not work, could you show the code for putting into the database and for displaying?

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, July 9, 2010 12:27 AM

All replies

  • User711271321 posted

    Some time last night I figured that out, what you are telling me

    <%= (item.body)%> shows the formatted HTML

    Thanks anyway. Marked as answer.

    Friday, July 9, 2010 12:33 AM
  • User1073523950 posted

    Why does it not work with <%: (data) %>, as I am using MVC2?

    Thursday, July 15, 2010 9:53 AM
  • User197322208 posted

    <%: is ASP.NET 4.

    MVC 2 works with ASP.NET 2 and ASP.NET 4

    Thursday, July 15, 2010 3:57 PM
  • User711271321 posted

    <%: (Data) %> will HTML encode the display data automatically, I reckon.

    So when you don't want any more encoding you just use the plain old-fashioned <%= Data%>.


    I remember watching a learners video on site and it was mentioned that you should always use <%: (Data)%> in MVC2 as it provides better security against JavaScript injection attacks.

    What I reckon is you do not need protection against JavaScript injection attack when the field is a display field.

    But when it's an input field you should use <%: TextBox("Name") %> or <%= Server.HtmlEncode(TextBox("Name"))%>.

    Both are the same, I reckon.

    You see, I'm not very confident because I started learning .NET starting June and I am even newer to MVC2.


    Thursday, July 15, 2010 9:09 PM
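
An added example, not part of the original thread or of any project's code: `<%= %>` writes stored editor markup to the page unencoded, so whatever was saved is executed as HTML. One way to keep the formatting while still encoding everything else is to encode the whole string and then restore a short allowlist of attribute-less tags. The names `EditorHtml` and `ToSafeHtml`, the tag list and the sample inputs are assumptions constructed for illustration.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

public static class EditorHtml
{
    // Assumed allowlist: plain formatting tags with no attributes.
    // The pattern runs on text that is ALREADY encoded, so it only ever
    // sees "&lt;tag&gt;" sequences, never live markup.
    private static readonly Regex AllowedTag = new Regex(
        @"&lt;(/?)(p|u|em|strong|b|i|ul|ol|li|br)\s*/?&gt;",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    // Returns markup suitable for <%= EditorHtml.ToSafeHtml(item.body) %>.
    public static string ToSafeHtml(string editorHtml)
    {
        if (string.IsNullOrEmpty(editorHtml))
            return string.Empty;

        // Step 1: neutralise everything, exactly as <%: %> would.
        string encoded = WebUtility.HtmlEncode(editorHtml);

        // Step 2: turn back only bare allowlisted tags. A tag carrying any
        // attribute (onclick, style, href, ...) does not match and stays
        // encoded, so it is displayed as text instead of being interpreted.
        return AllowedTag.Replace(encoded, m =>
            "<" + m.Groups[1].Value + m.Groups[2].Value.ToLowerInvariant() + ">");
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample 1: the markup from the question.
        string formatted = "<p> <u><em><strong>Test Content</strong></em></u></p>";

        // Constructed sample 2: editor content carrying an event handler
        // and a script element, as a hostile submission might.
        string hostile = "<p onclick=\"alert(1)\">x</p><script>alert(1)</script>";

        Console.WriteLine(EditorHtml.ToSafeHtml(formatted)); // tags restored
        Console.WriteLine(EditorHtml.ToSafeHtml(hostile));   // handler and script stay encoded
    }
}
```

Entities the editor itself emits, such as `&nbsp;`, are encoded a second time by this approach and show up literally; content that needs links, images or styles calls for a full HTML sanitizer library rather than a longer regex.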