0

I am using VS 2012 and MVC 4. I am creating a simple CMS, so content of my pages will be dynamically updated, from c# code. (Content of each page with markups will be saved in the database).

The thing I don't know is how to update @renderbody or @rendersection from code (from C# controller)?

Example:

I have a master page:

MVC 4 master page

I have a content page that is derived from that master page:

MVC 4 content page

I want to get all that content from C# code. The reason for this is that my content will be in the database and there's gonna be a lot of pages, so content will change dynamically, depending on search conditions (I am creating a simple knowledge base, so users will be able to bold text, change text size and so on).

EDIT Thanks for pointing out that I haven't asked precisely enough - I am fetching content (which includes some HTML markups) from the database, not HTML for my pages. Example: MVC 4 Razor engine - content like this will be in the database.

Improve this question
22
  • 1
    If you store the HTML in your database, you'll have a difficult time updating any HTML later on. Why not just save the data needed in the DB and generate HTML on the fly by reading the page data from the database. This is usually how it's done. This lets you update HTML later or change themes, etc. Commented Jul 19, 2013 at 22:20
  • 1
    Will this work Is it possible to display raw Html from database in ASP.NET MVC 3? Commented Jul 19, 2013 at 22:21
  • 1
    Then you can use @Html.Raw(...) to output your raw HTML in your view. However, be careful because malicious HTML can be inserted into your database, which can then be sent to unsuspecting clients. Commented Jul 19, 2013 at 22:25
  • 1
    The difference is that SO content is not direct HTML markup. It's special markup that is processed on output and converted to HTML. Commented Jul 19, 2013 at 22:30
  • 2
    Updated URL blog.stackoverflow.com/2009/12/introducing-markdownsharp Commented Jul 19, 2013 at 22:42

1 Answer 1

Reset to default
2

If you have content in your database that you want to output, then you would retrieve it from your database and pass it to your view just as a string, just like any other string that would be passed to the view.

Normally, if you output a string in your view, the Razor engine will interpret it and encode is so that it is "safe" for the client. So if your string was "text", it would actually send "<b>text</b>". This will be interpretted by your browser and will actually display to you "text".

Instead, you want the engine to not encode the string. To do this, you would use Html.Raw(...) like this:

@Html.Raw(Model.MyContentFromMyDatabase)

The problem with this is that it will send HTML (for good or for bad) to the client.

If the HTML is malformed, then your page may not display correctly. For example:

<b>text

will make the text bold, and everything else after it on the page will be bold too.

If the HTML has malicious code, such as a <script> tag, then that malicious code would execute on the client.

This is why the razor engine encodes things by default: to ensure things are safe. This is also why ASP.NET MVC, by default, will block < and > characters on POST to an action.

These days, websites have moved to "markdown". That is, if someone is inputting text and wants part of it bold, they don't input a <b> tag. Instead, they surround the text with **. This is how SO does it. On output, the ** codes are interpreted and converted into valid HTML.

**text**

is converted to

<b>text</b>

StackOverflow has it's markdown syntax. GitHub has it's own version. You can create your own if you want.

MarkdownSharp is a markdown engine written in C#. You could just adapt it.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thanks a lot for this wonderful answer. I will definitely take care of security, too. At first, security wasn't my thought at all. One more question: what if a user types in **text and not as it should be? I guess Markdown has some mechanism inside to check for correct forming of tags? So **text would not be parsed into <b>text?
Correct. Most likely it would just be left as **text.
While creating (or reusing an existing) markdown engine is an option you can also easily extend the existing ASP.NET Razor view engine and pull views from other sources, like embedded resources or even a database by using a custom VirtualPathProvider. Check out this question and the two links the answer provides: stackoverflow.com/questions/4218454/…

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.