262

Razor encodes string by default. Is there any special syntax for rendering without encoding?

6 Answers

398

Since ASP.NET MVC 3, you can use:

@Html.Raw(myString)

4 Comments

This is not entirely correct. Yes, you can insert a raw string but if you have "'<>etc... these will be escaped. The correct way is to use the MvcHtmlString which will allow "illegal" characters. For instance, if you're encoding JSON data... without encoding an entire model
Daniel, Html.Raw() "returns markup that is not HTML encoded."
Html.Raw() encodes the quotes... "myAttr='hello';myInt=10"
It does NOT encode quotes. Besides the obvious documentation stating it plain as day ("This method wraps HTML markup using the IHtmlString class, which renders unencoded HTML.") I also tested this and quotes are not encoded.
63
@(new HtmlString(myString))


36

As well as the already mentioned @Html.Raw(string) approach, if you output an MvcHtmlString it will not be encoded. This can be useful when adding your own extensions to the HtmlHelper, or when returning a value from your view model that you know may contain HTML.

For example, if your view model was:

public class SampleViewModel
{
  public string SampleString { get; set; }
  public MvcHtmlString SampleHtmlString { get; set; }
}

For Core 1.0+ (and MVC 5+) use HtmlString

public class SampleViewModel
{
  public string SampleString { get; set; }
  public HtmlString SampleHtmlString { get; set; }
}

then

<!-- this will be encoded -->
<div>@Model.SampleString</div>
<!-- this will not be encoded -->
<div>@Html.Raw(Model.SampleString)</div>
<!-- this will not be encoded either -->
<div>@Model.SampleHtmlString</div>


11

Use @Html.Raw() with caution as you may cause more trouble with encoding and security. I understand the use case as I had to do this myself, but carefully... Just avoid allowing all text through. For example, only preserve/convert specific character sequences and always encode the rest:

@Html.Raw(Html.Encode(myString).Replace("\n", "<br/>"))

Then you have peace of mind that you haven't created a potential security hole and any special/foreign characters are displayed correctly in all browsers.

2 Comments

+1 Exactly what I needed! The string still needs to be encoded but the line returns need to be HTML. Thanks!
@Html.Raw(Html.Encode(myString).Replace(Html.Encode("\n"), "<br/>")) for ASP.NET Core
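The encode-then-allow approach from the answer above and the ASP.NET Core comment on it, as an added example that is not part of the original posts. It splits on line breaks before encoding, so the result does not depend on whether the encoder escapes "\n". The names SafeMultiline and EncodeWithLineBreaks are hypothetical, and System.Net.WebUtility.HtmlEncode stands in for Html.Encode so the code runs outside a view.

```csharp
using System;
using System.Linq;
using System.Net;

public static class SafeMultiline
{
    // Hypothetical helper (not from the original answers).
    // 1. Split the untrusted text on every line-break style.
    // 2. HTML-encode each segment, so no markup from the input survives.
    // 3. Join the segments with <br/>, the only markup allowed through.
    public static string EncodeWithLineBreaks(string input)
    {
        if (string.IsNullOrEmpty(input))
        {
            return string.Empty;
        }

        // "\r\n" is listed first so a Windows line ending yields one break, not two.
        string[] lines = input.Split(new[] { "\r\n", "\n", "\r" }, StringSplitOptions.None);

        return string.Join("<br/>", lines.Select(line => WebUtility.HtmlEncode(line)));
    }

    public static void Main()
    {
        // Constructed sample input: markup, an ampersand, quotes and a CRLF.
        string untrusted = "Hello <script>alert(1)</script>\r\nTom & \"Jerry\"";

        // The script tag, ampersand and quotes come out as entities;
        // only the line break becomes real markup.
        Console.WriteLine(EncodeWithLineBreaks(untrusted));
    }
}
```

In a view, the already-encoded result is what gets passed to @Html.Raw(...), for example @Html.Raw(SafeMultiline.EncodeWithLineBreaks(Model.SampleString)).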
6

In the case of ActionLink, it generally uses HttpUtility.Encode on the link text. In that case you can use HttpUtility.HtmlDecode(myString); it worked for me when using HtmlActionLink to decode the string that I wanted to pass, e.g.:

  @Html.ActionLink(HttpUtility.HtmlDecode(myString), "ActionName", ..)


1

You can also use the WriteLiteral method
