Monday, 24 December 2018

What is HTML encoding?

HTML encoding is the process of encoding ASCII characters as their 'HTML entities'.

To prevent cross-site scripting (XSS) attacks, all HTML output needs to be encoded. By default, MVC encodes all HTML output. In some cases, we can disable encoding in an MVC application. Even when encoding is disabled, we need to manually encode the HTML entities if we want to prevent cross-site scripting.

@Html.Raw("Your HTML String") is used to avoid HTML encoding in a Razor view.
Strings of type IHtmlString are not encoded.

The @Html.Raw() method can also be used to avoid automatic HTML encoding.
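
The helper below is an added example, not code from the original post. It shows manual encoding for the case where the result is an IHtmlString, which Razor does not encode. The namespace, class name, method name and the Model.Comment property are hypothetical, and it assumes classic ASP.NET MVC (System.Web.Mvc).

```csharp
using System.Web;
using System.Web.Mvc;

namespace ExampleApp.Helpers // hypothetical namespace
{
    public static class CommentHtmlHelpers // hypothetical helper class
    {
        // Returns IHtmlString, so Razor writes the result WITHOUT encoding it.
        // The untrusted text therefore has to be encoded by hand before it is
        // combined with the trusted markup.
        public static IHtmlString CommentParagraph(this HtmlHelper html, string userComment)
        {
            // 1. Encode the untrusted input first: <, >, &, " and ' become entities.
            string safeText = HttpUtility.HtmlEncode(userComment ?? string.Empty);

            // 2. Only after encoding, add markup that we control ourselves.
            safeText = safeText.Replace("\r\n", "\n").Replace("\n", "<br />");

            // 3. Wrap the result so Razor leaves our <p> and <br /> tags intact.
            return new HtmlString("<p class=\"comment\">" + safeText + "</p>");
        }
    }
}

// Usage in a Razor view (Model.Comment is user-supplied text):
//
//   @Model.Comment                       encoded automatically by Razor
//   @Html.Raw(Model.Comment)             NOT encoded: markup in the comment is
//                                        sent to the browser as-is (XSS risk)
//   @Html.CommentParagraph(Model.Comment)
//                                        helper markup is kept, user text is
//                                        encoded manually inside the helper
```

The order matters: encoding after the markup is added would also encode the helper's own tags, and adding user text after encoding would leave it unencoded.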
