Html.Encode seems to simply call
HttpUtility.HtmlEncode to replace a few html specific characters with their escape sequences.
However this doesn't provide any consideration for how new lines and multiple spaces will be interpretted (markup whitespace). So I provide a text area for the a user to enter a plain text block of information, and then later display that data on another screen (using
Html.Encode), the new lines and spacing will not be preserved.
I think there are 2 options, but maybe there is a better 3rd someone can suggest.
One option would be to just write a static method that uses HtmlEncode, and then replaces new lines in the resulting string with
<br> and groups of multiple spaces with
Another option would be to mess about with the
white-space: pre attribute in my style sheets - however I'm not sure if this would produce side effects when Html helper methods include new lines and tabbing to make the page source pretty.
Is there a third option, like a global flag, event or method override I can use to change how html encoding is done without having to redo the html helper methods?
I am new in PHP and I have wysihtml5 editor in my form and when I am adding iframe code in editor to store value into database iframe code encoded like:
<iframe width="560" height="315" src="<a target="_blank" rel="nofollow" href="http://www.youtube.com/embed/ycHXRWRKrdA?rel=0"">http://www.youtube.com/embed/ycHXRWRKrdA?rel=0"</a>; frameborder="0" allowfullscreen></iframe><br>
I want to store iframe code like below
<iframe width="560" height="315" src="http://www.youtube.com/embed/ycHXRWRKrdA?rel=0" frameborder="0" allowfullscreen></iframe>
In order to secure our
webapi application, we decided to encode and decode our data in order to avoid
xss attacks. We are doing this in our
Json contract resolver so this will happen for all the requests.
We've started to encode data like:
And we were decoding data like:
But I've read that for this tasks, the AntiXssEncoder is doing a better job, so we've replaced our encoding method with:
But the HttpEncoder.HtmlDecode inherited from the HttpEncoder) from this class is protected, so is it safe for the api to encode the dara using method from AntiXssEncoder, but decode it using WebUtility.HtmlDecode?
Is there a way to configure Json.Net to automatically encode all strings like
HtmlEncode(myString) when the model is serialized?
Given the following URL (working, try it!)
If you click on the link and go through to the payment page, the address in the address box is not displaying properly, the newline characters are displaying as text.
I've tried passing through
<br />'s but no luck, anyone got any ideas? I need to get the address to display with newlines.
Commas are OK as a separator but i would much prefer being able to have newlines. Thanks for any help! A working example will be the accepted answer.