stackoom
  简体   繁体   中英

Disable *ALL* Automatic HTML Escaping in ASP.Net/Core MVC

 原文  2019-04-16 23:12:02       asp.net/ asp.net-mvc/ asp.net-core/ .net-core/ escaping

Question

In ASP.Net/Core MVC, the auto-HTML escaping happens when you echo a string variable inside a Razor view. For example: 

<div>@("<b>Hello</b>")</div>

is output as

<div>&lt;b&gt;Hello&lt;/b&gt;</div>

How can I disable this feature by default in ASP.Net/Core MVC, without having to use a helper everywhere like Html.Raw(), WriteLiteral(), new HtmlString(), et cetera?

I understand the reasoning behind this functionality but I am experimenting with alternate escape methods.

1 answers

solution1
 1  2019-04-17 00:41:59

You can not disable it.

ASP.Net/Core MVC design for preventing Injection (Web Application Security), the @ use frequently so it need prevent HTML or Javascript injection.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question ASP.NET MVC how to disable automatic caching option? Auto Escaping Asp.Net MVC Stop asp.net from escaping HTML disable and select asp.net mvc Html.RadioButtonFor Automatic Mails in ASP.NET MVC Issues with HTML Encoding in ASP.NET Core MVC web application ASP.NET MVC Core WebAPI project not returning html asp.net mvc : disable mvc form Escaping all POST/GET parameters in ASP/ASP.net Unicode character escaping with JavaScriptSerializer on ASP.NET MVC depends on configuration?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM