将 Html.Raw() 存储在 Javascript、ASP.NET MVC 3 的字符串中
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10015147/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Store Html.Raw() in a string in Javascript, ASP.NET MVC 3
提问by NibblyPig
I'm using ASP.NET and I have a string of HTML in the database.
我正在使用 ASP.NET 并且我在数据库中有一个 HTML 字符串。
I want to get that html into a variable on the client.
我想将该 html 放入客户端上的变量中。
If I do this:
如果我这样做:
var x = '@Html.Raw(myModel.FishValue)'
it works fine, because it's essentially doing
它工作正常,因为它本质上是在做
var x = '<p>hello!</p>';
however if there are quotes in the html it breaks the page.
但是,如果 html 中有引号,它会破坏页面。
My initial guess would be to .Replace the raw string to add escapes to the quotes, however both .ToString()and .ToHtmlString()(as Html.Raw returns an IHtmlString) do not produce the same markup as simple Html.Raw().
我最初的猜测是 .Replace 原始字符串以向引号添加转义符,但是两者.ToString()和.ToHtmlString()(因为 Html.Raw 返回 IHtmlString)不会产生与 simple 相同的标记Html.Raw()。
So I'm at a loss of what best to do.
所以我不知道什么是最好的。
回答by ClayKaboom
What about replacing before calling the Html.Rawmethod?
在调用Html.Raw方法之前替换怎么样?
var x = '@Html.Raw(myModel.FishValue.Replace("'","\'"))'
UPDATE:
更新:
There might be other escape chars in the string coming from the model. For that reason I would recommend replacing the slashes first as well. Of course it all depends on what might come from the server in your model.
来自模型的字符串中可能还有其他转义字符。出于这个原因,我也建议先更换斜线。当然,这一切都取决于模型中服务器可能提供的内容。
var x = '@Html.Raw(myModel.FishValue.Replace("\","\\'").Replace("'","\'"))'
A sample snippet representing the behavior in the javascript:
代表 javascript 中行为的示例片段:
//Let's say my Model Content is > I'd Say \ is a escape character. You can't "Escape"
// YOu would have to replace ' --> \' and \ --> \
var stringFromServer = 'I\'d Say \ is a escape character. You can\'t "Escape"'
alert(stringFromServer)回答by reach4thelasers
Try this:
试试这个:
var x = '@(System.Web.HttpUtility.HtmlEncode(myModel.FishValue))';
If you need to decode the HTML on the client side use
如果您需要在客户端解码 HTML,请使用
unescape(x)
I think JQuery (not sure if you're using it or not) handles encoded HTML strings so you might not need unescape().
我认为 JQuery(不确定您是否使用它)处理编码的 HTML 字符串,因此您可能不需要 unescape()。
回答by Adam Tuliper - MSFT
Try out the anti-xss library from Microsoft (which will be included I believe by default in asp.net 4.5):
试用 Microsoft 的 anti-xss 库(我相信默认情况下将包含在 asp.net 4.5 中):
AntiXss.JavascriptEncode(yourContent)
Anti-Xss is available 4.1 beta. If you want to use it in your application which I highly recommend, check out: http://weblogs.asp.net/jgalloway/archive/2011/04/28/using-antixss-4-1-beta-as-the-default-encoder-in-asp-net.aspx
Anti-Xss 可用 4.1 测试版。如果您想在我强烈推荐的应用程序中使用它,请查看:http: //weblogs.asp.net/jgalloway/archive/2011/04/28/using-antixss-4-1-beta-as-the -default-encoder-in-asp-net.aspx
