I store encoded HTML in the database.
The only way I could display it correctly is:
<div class='content'> @MvcHtmlString.Create(HttpUtility.HtmlDecode(Model.Content));</div>
It's ugly. Is there any better way to do this?

I have a CSV file which has some columns with the trademark symbol (®) and the trademark symbol ™. I need to convert these to htmlentities and insert them into a MySQL database. It was converting only the trademark symbol (®) but not the trademark symbol ™. Here is my PHP code:
htmlentities($params, ENT_NOQUOTES, 'IISO-8859-1')

I take user input into a text area, store it and eventually display it back to the user.
In my View (Razor) I want to do something like this...
This doesn't work because Razor HTML-encodes by default. This is great, but I want my line breaks.
If I do this I get opened up to XSS problems.
What's the right way to handle this situation?

I know that the EURO currency symbol (€) is encoded as &euro; in HTML, but System.Web.HttpUtility.HtmlEncode("€") doesn't encode it at all. Does anyone know why that is?

The HttpUtility class provides for both encoding and decoding. But when I use the MS AntiXSS 3.1 Library, I have a set of methods only for encoding. Does this mean decoding can be avoided?
Before applying AntiXSS:
lblName.Text = "ABC" + "<script> alert('Inject'); </script";
After applying AntiXSS:
lblName.Text = AntiXSS.HTMLEncode("ABC" + "<script> alert('Inject'); </script");
So, after applying the encoding, the HTML tags show up in my Label control.
Is this the desired outcome?