461

I've got safe/sanitized HTML saved in a DB table.

How can I have this HTML content written out in a Razor view?

It always escapes characters like < and ampersands to &amp;.

1
  • To save people like me trying to do this with anonymous types in dynamically typed views, where this won't work - see this answer to my more-specific question. Although using this approach with a strongly-typed view is still better if your situation allows. Commented Jul 9, 2015 at 1:00

7 Answers

688

Supposing your content is inside a string named mystring...

You can use:

@Html.Raw(mystring)

Alternatively you can convert your string to HtmlString or any other type that implements IHtmlString in model or directly inline and use regular @:

@{ var myHtmlString = new HtmlString(mystring);}
@myHtmlString

9 Comments

Thanks for this answer. Helped me finish a little task I was learning. :) However I'm using the latest version of MVC3 and so far no Html.Raw :(
Hi Sergio. I'm using MVC 3 and I'm using the Raw method properly.
Thank you for the answer! I'm still learning MVC 3 and this was eluding me.
@Lorenzo, +1 I'm using the latest MVC 3 with razor syntax and Html.Raw is definitely available to me.
Lorenzo, I've updated answer to remove mentioning of MVC Beta as it was some years ago. Feel free to revert/change.
78

You can use

@{ WriteLiteral("html string"); }

2 Comments

This was awesome for me, was using Razor within a Hangfire app to send emails... Html.Raw() doesn't work there
1 for WriteLiteral
76

In ASP.NET MVC 3 you should do something like this:

// Say you have a bit of HTML like this in your controller:
ViewBag.Stuff = "<li>Menu</li>";
//  Then you can do this in your view:
@MvcHtmlString.Create(ViewBag.Stuff)

1 Comment

I prefer this method because HTML.Raw blows up if the passed string is null.
10

Sometimes it can be tricky to use raw html. Mostly because of XSS vulnerability. If that is a concern, but you still want to use raw html, you can encode the scary parts.

@Html.Raw("(<b>" + Html.Encode("<script>console.log('insert')</script>" + "Hello") + "</b>)")

Results in

(<b>&lt;script&gt;console.log('insert')&lt;/script&gt;Hello</b>)

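The approach in the answer above (encode the untrusted parts, emit only the fixed markup raw) can be wrapped in a helper so the encoding step cannot be skipped by accident. This is an added example, not code from this thread; SafeHtml and Format are hypothetical names, and it assumes System.Web (ASP.NET MVC on .NET Framework 4 or later).

```csharp
using System;
using System.Web;

// Added example, not code from this thread. SafeHtml.Format is a hypothetical
// helper; it assumes System.Web (ASP.NET MVC on .NET Framework 4 or later).
public static class SafeHtml
{
    // trustedTemplate: fixed markup written by the developer, with {0}, {1}, ...
    // placeholders. It is emitted as-is, so it must never contain user input.
    // args: untrusted values. Each one is HTML-encoded unless it is already an
    // IHtmlString, which marks markup that was encoded or sanitized earlier.
    public static IHtmlString Format(string trustedTemplate, params object[] args)
    {
        if (trustedTemplate == null)
        {
            return new HtmlString(string.Empty);   // null-safe: render nothing
        }

        args = args ?? new object[0];
        var encoded = new object[args.Length];
        for (int i = 0; i < args.Length; i++)
        {
            var html = args[i] as IHtmlString;
            encoded[i] = html != null
                ? html.ToHtmlString()
                : HttpUtility.HtmlEncode(Convert.ToString(args[i]));
        }

        // Razor writes an IHtmlString without encoding it again.
        return new HtmlString(string.Format(trustedTemplate, encoded));
    }
}

// In a view, with the string from the answer above as the untrusted value:
//   @SafeHtml.Format("(<b>{0}</b>)", "<script>console.log('insert')</script>Hello")
// HTML encoding covers element content and quoted attribute values only;
// values placed inside <script> blocks or URLs need context-specific encoding.
```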

5

You can put your string into viewdata in controller like this:

 ViewData["string"] = DBstring;

And then call that viewdata in view like this:

@Html.Raw(ViewData["string"].ToString())


2

Apart from using @MvcHtmlString.Create(ViewBag.Stuff) as suggested by Dommer, I suggest you also use the AntiXSS library as suggested by phill http://haacked.com/archive/2010/04/06/using-antixss-as-the-default-encoder-for-asp-net.aspx

It encodes almost all the possible XSS attack strings.


0

Complete example for using template functions in RazorEngine (for email generation, for example):

@model SomeModel
@{
    Func<PropertyChangeInfo, object> PropInfo =
        @<tr class="property">
            <td>
                @item.PropertyName                
            </td>
            <td class="value">
                <small class="old">@item.OldValue</small>
                <small class="new">@item.CurrentValue</small>                
            </td>
        </tr>;
}

<body>

@{ WriteLiteral(PropInfo(new PropertyChangeInfo("p1", @Model.Id, 2)).ToString()); }

</body>
