2

I want to add the integrity attribute to a script tag in my tag helper. It contains a + sign which I don't want encoded.

<script integrity="sha384-Li9vy3DqF8tnTXuiaAJuML3ky+er10rcgNR/VqsVpcw+ThHmYcwiB1pbOxEbzJr7"></script>

This is my tag helper:

[HtmlTargetElement(Attributes = "script")]
public class MyTagHelper : TagHelper
{
    public override async Task ProcessAsync(TagHelperContext context, TagHelperOutput output)
    {
        // Omitted...

        output.Attributes["integrity"] = "sha384-Li9vy3DqF8tnTXuiaAJuML3ky+er10rcgNR/VqsVpcw+ThHmYcwiB1pbOxEbzJr7";
    }
}

This is the output of the above code, where + has been replaced by &#x2B;:

<script integrity="sha384-Li9vy3DqF8tnTXuiaAJuML3ky&#x2B;er10rcgNR/VqsVpcw&#x2B;ThHmYcwiB1pbOxEbzJr7"></script>

How can I stop this encoding from taking place?

Improve this question

1 Answer 1

Reset to default
6

The provided code didn't work for me, as the ProcessAsync method wasn't called. There were some things wrong with this (abstract class can't be instantiated, there is no script attribute etc.).

The solution is basically that you create the TagHelperAttribute class yourself, instead of simply assigning the string type. 

@section Scripts {
    <script></script>
}

The tag helper

[HtmlTargetElement("script")]
public class MyTagHelper : TagHelper
{
    public const string IntegrityAttributeName = "integrity";
    public override async Task ProcessAsync(TagHelperContext context, TagHelperOutput output)
    {
        // Omitted...

        output.Attributes[IntegrityAttributeName] = new TagHelperAttribute(IntegrityAttributeName, new HtmlString("sha384-Li9vy3DqF8tnTXuiaAJuML3ky+er10rcgNR/VqsVpcw+ThHmYcwiB1pbOxEbzJr7"));

        await Task.FromResult(true);
    }
}

This correctly outputs 

<script integrity="sha384-Li9vy3DqF8tnTXuiaAJuML3ky+er10rcgNR/VqsVpcw+ThHmYcwiB1pbOxEbzJr7"></script>

The reason for this is, that TagHelperAttribute has an operator overload public static implicit operator TagHelperAttribute(string value) for the implicit (=) operator, which will create the TagHelperAttribute and pass the string as it's Value.

In Razor, strings get escaped automatically. If you want to avoid the escaping, you have to use HtmlString instead.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

That works fine with attributes but not with the tag content.
@LordofScripts: For tag content you have output.Content.Append(string unencoded) or output.Content.AppendHtml(new HtmlString("mystring&somethingelse")
thanks, just figured it out now and was going to post and update. Great!
Helped a lot. HtmlString works very well - with .NET Core 2.0.
Or just use output.Attributes.SetAttribute(IntegrityAttributeName, new HtmlString(...)).

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.