Don’t call Html.Encode in Razor Pages

One of the unique features of ASP.Net WebPages (formerly Razor) is automatic HTML encoding.  All strings printed by embedded code nuggets (@ blocks) are automatically HTML-encoded.

In addition to this feature, Razor also includes the Html.Encode method, probably copied from ASP.Net MVC.  Calling this method naively leads to a nasty surprise – the string will be double-encoded!
To see why, look more closely at a typical call: @Html.Encode("<text>").  This Razor markup will call Html.Encode, which returns the string "&lt;text&gt;".   Since it returns a string and not an IHtmlString, the Razor engine will encode it again, and render &amp;lt;text&amp;gt;.

Careful thought indicates that this behavior is probably correct.  The programmer (hopefully) knows that Razor will escape its output, so the call to Html.Encode should be an attempt to display encoded text.  In fact, this is the simplest way to display HTML-encoded text in a Razor view. 

However, even if it is correct, the behavior is unexpected and should not be relied upon.  The unambiguous way to display encoded text is to call Html.Raw:

@Html.Raw(Html.Encode(Html.Encode("Double-encoded <html> text!")))

Although it is long and clunky, this clearly shows that the text will be double-encoded.

Exercise for the reader: Why is it also necessary to call Html.Raw?

14 comments:

thanks!

Good.Thanks!

In my opinion, on https://eduessayhelper.org/blog/graduation-speech you will find useful information about writing graduation speech. It was useful to read for me and my college friends

I am a student of ASP.Net languages and found it really messy to learn. Due to my project, I have been looking to many magazines such as Coursework Writing Service to get some information and gather it to my notepad. After while, I got here and happy to learn some more facts.

We advise you to work the judgment in your economics assignment help online and support the Our online tutorial inspires an interactive whiteboard anywhere scholars and mentors. economics assignment help online

Hope you will keep on offering good content like this more often. I feel more and more people should know about this. Also, I agree on most of the points you have made.
Management Assignment Help



شركة مكافحة حشرات بالاحساء شركة مكافحة حشرات بالاحساء
شركة مكافحة النمل الابيض بالرياض شركة مكافحة النمل الابيض بالرياض

Basically, due to the globalization of economy and business most companies need employees who can communicate with foreign buyers competently and the language chosen is English. Any important company will hire their professional staff not only after checking their specific capacity to deal with the job offered but also after getting to know how much English the prospect employee knows here empire essay service and moreover it is quite important in today's life to prepare different articles, it can be simple essay for school or university, complicated thesises and even different statistics and job related papers, everything you can find at that site.

mr jatt Mp3 New Punjabi Song,Single Tracks Latest song download also Listen Latest Music Albums Online in High Quality at Mrpendus.in
mr jatt

If you want to build your application as soon as possible, then ASP.Net can be the best option for you. I have created my application within 3 days, and I am fully satisfied from this. cheap coursework writing

I learned absolutely everything about my question when I read this post, thanks to the author for the detailed description. I wrote my review on the https://essaysservicesreviews.com/myperfectwords-review/ you can go in and read. Thank you very much for your attention and your time.

Your blogs are really good and interesting. It is very great and informative. Careful thought indicates that this behavior is probably correct. The programmer (hopefully) knows that Razor will escape its output, so the call to Html bankruptcy lawyers in virginia beach. Encode should be an attempt to display encoded text. In fact, this is the simplest way to display HTML-encoded text in a Razor view. I got a lots of useful information in your blog. Keeps sharing more useful blogs..

Learn about the disadvantages of using HTML.Encode in Razor Pages and investigate other HTML encoding techniques. Ensure secure coding techniques and improve your web development abilities.I can't wait to read more content like to this in the future. I have no doubt that a lot of readers will benefit from this content. I appreciate you sharing your knowledge and experience.
fairfax DUI Checkpoint

Avoid using Html.Encode in Razor Pages as it can lead to unnecessary double encoding of content, potentially causing display issues. Razor Pages automatically handles HTML encoding, ensuring content is safely rendered without manual intervention. how much is a 15 over speeding ticket in virginia

Post a Comment