As ScottGu says in his blog post «by default content emitted using a @ block is automatically HTML encoded to better protect against XSS attack scenarios». My question is: how can you output a non-HTML-encoded string?
For the sake of simplicity, pls stick to this simple case:
var html = "<a href='#'>Click me</a>"
// I want to emit the previous string as pure HTML code...
I am currently writing a small templating system in ASP.NET to allow users to add content. For example, the user can enter the string (variable type is string).
topHeader[x] = "They think it's all over. It is now!";
However, one change that's needed is the ability to add some basic HTML tags within this content, so the following can be done
topHeader[x] = "They think it's all over. <strong>It is now!</strong>" or
topHeader[x] = "They think it's all over. <a title="Football News" href="URL">It is now!</a>";
If you add such things into strings now they are not formatted as HTML, but I want to somehow escape them so that they can be. Naturally I've looked on the Internet for the answer, but as Razor is fairly new there's not much out there to help me out.
I have looked all over for elegant solutions to this not so age-old question. How can I lock down form elements within an ASP.Net MVC View, without adding if...then logic all over the place? Ideally the BaseController, either from OnAuthorization, or OnResultExecultion, would check the rendering form elements and hide/not render them based on role and scope. Another approach I have considered is writing some sort of custom attributes, so as to stay consistent with how how we lock down ActionResults with [Authorize]. Is this even possible without passing a list of hidden objects to the view and putting if's all over? Other background info: We will have a database that will tell us at execution time (based on user role/scope) what elements will be hidden. We are using MVC3 with Razor Viewengine. We're utilizing a BaseController where any of the Controller methods can be overridden.
If I look at the Razor View Engine, then I see a very nice and concise syntax that is not particularly tied to generating html. So I wonder, how easy would it be to use the engine outside asp.net in a "normal" .net environment for example to generate text, code,...
I have an application which has been built in MVC 2.0. I need to upgrade it to MVC 3.0 and that too by using Razor CSHTML engine. All the information which I got on the net was for MVC 3.0 Webform engine but nothing much for migrating to Razor.
I can't seem to figure out how to set a breakpoint in a Razor view. I understand why that might seem a little weird and may be difficult since a cshtml file is a combination of html and then c# code, but I can step into it. The ability to step into it makes it seem like I should be able to set a breakpoint. Am I missing how to do this or is this not possible in the RC? If not any plans to add this before RTM or in the future?
How can I render a razor view in a Unit Test?When I change for instance a html helper method, I sometimes forget to update all the views which uses that html method. So the view I forgot generates a YSOD.I would like to create unit tests that renders a view and fails if I forgot to make the neccecary updates.
In my controller method, I'm trying to create an instance of a View (cshtml file) before I wrap it around an ActionResult and return it.Since there is no "class" for Razor Views to speak off, how does one go about creating an instance of a Razor View?
I'm working trying to realize a requirement where the pages should be 'configurable' at runtime (per client), stored in a database - a requirement that I have no say in Anyway, the current plan is to use the Razor view engine and 'load' the 'pages' dynamically. I have a basic sample working using a VirtualPathProvider and VirtualFile that serves up Raz'pages' on the fly.The question I have if there is a better approach when I have the Razor 'pages' stored in a dB (or any other repository)?
There seems to be some constraints and concerns when I check other postings. For example:'If a Web site is precompiled for deployment, content provided by a VirtualPathProvider instance is not compiled, and noVirtualPathProvider instances are used by the precompiled site.' (from http://msdn.microsoft.com/en-us/library/system.web.hosting.virtualpathprovider.aspx )
I want to modify the way the Views are organised in my project to allow for a custom way of handling Globalization
I want to have an extra route param containing the country code and to pass this down to the view engine so that the correct view is displayed.
My mapRoute rule in Global.asax is set up like this...
So I want to just have 1 controller called main and then have my view folders organised like this..../Views/Main/en/Index.cshtml/Views/Main/fr/Index.cshtml I have tried creating a custom view engine but i don't know how to access the countrycode route value because none of the examples show how to do this.
I'm trying to have all my views inherit from a custom class so that I can add certain behaviour and values to all pages, but I'm having some issues. I tried subclassing System.Web.Mvc.WebViewPage but I'm forced to implement an Execute procedure that I don't know what it should do. Also, if I try to access the Context variable, I get a null reference (really weird). This leads me to think that I may have the wrong base class.