1

I have some HTML stored in the database that looks exactly like this:

<strong><a href="http://www.google.com" target="_blank">Maintenance scheduled </a></strong>tomorrow

I want to output that to the Razor view properly formatted as HTML. I do not want to see the < and >, I just want the HTML.

You can see from this snippet that I've tried several different things:

div id="maintenanceMessage">
            @*@HttpUtility.HtmlDecode(sysSettings.MaintenanceMessage)*@
            @*@HttpUtility.HtmlDecode((new HtmlString(sysSettings.MaintenanceMessage)).ToString())*@
            @Html.Raw(sysSettings.MaintenanceMessage)
</div>

But in every case it keeps showing it as text:

<strong><a href="http://www.google.com" target="_blank">Maintenance scheduled </a></strong>tomorrow

and not formatted HTML. I'm not sure what I am doing wrong?

Improve this question

3 Answers 3

Reset to default
3

Try 

@MvcHtmlString.Create(HttpUtility.HtmlDecode(sysSettings.MaintenanceMessage))
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

need to be careful using this though, if the content is user generated, you will be wide open to XSS attacks
Excellent. That did the trick. In this case, only the highest level admins have access to that field, and the message would only show in the backend of the site. But, warning noted. Thank you!
0

if you replace the ascii before sending it to the view does it work. we send our strings through these

public string Decode(string value)
    {
        return (value)
            .Replace("&quot;", "\"")
            .Replace("&lt;", "<")
            .Replace("&gt;", ">");
    }

    public string Encode(string value)
    {
        return (value)
          .Replace("\"", "&quot;")
          .Replace("'", "''")
          .Replace("<", "&lt;")
          .Replace(">", "&gt;");
    }
Improve this answer

Comments

0

Check your stored content. Maybe when you tried to store it in the database, it got the special HTML characters replaced with encoding characters. For example:

In the Unicode format, every < sign from the HTML tags would be replaced with the &#60; character.

It's better to store the raw HTML then the encoded HTML, so you won't have to deal with Coding/Encoding conversions.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.