asp.net-mvc HTML.Encode 但保留换行符
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5560585/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
HTML.Encode but preserve line breaks
提问by BZink
I take user input into a text area, store it and eventually display it back to the user.
我将用户输入放入文本区域,将其存储并最终显示给用户。
In my View (Razor) I want to do something like this...
在我看来(剃刀)我想做这样的事情......
@Message.Replace("\n", "</br>")
This doesn't work because Razor Html Encodes by default. This is great but I want my line breaks.
这不起作用,因为默认情况下 Razor Html 编码。这很棒,但我想要我的换行符。
If I do this I get opened up to XSS problems.
如果我这样做,我就会面临 XSS 问题。
@Html.Raw(Message.Replace("\n", "</br>"))
What's the right way to handle this situation?
处理这种情况的正确方法是什么?
回答by Richard Schneider
Use HttpUtility.HtmlEncode then do the replace.
使用 HttpUtility.HtmlEncode 然后进行替换。
@Html.Raw(HttpUtility.HtmlEncode(Message).Replace("\n", "<br/>"))
回答by Tony Borres
If you find yourself using this more than once it may be helpful to wrap it in a custom HtmlHelper like this:
如果您发现自己不止一次使用它,将它包装在一个自定义的 HtmlHelper 中可能会有所帮助,如下所示:
namespace Helpers
{
public static class ExtensionMethods
{
public static IHtmlString PreserveNewLines(this HtmlHelper htmlHelper, string message)
{
return message == null ? null : htmlHelper.Raw(htmlHelper.Encode(message).Replace("\n", "<br/>"));
}
}
}
You'll then be able to use your custom HtmlHelper like this:
然后你就可以像这样使用你的自定义 HtmlHelper:
@Html.PreserveNewLines(Message)
Keep in mind that you'll need to add a using to your Helpers namespace for the HtmlHelper to be available.
请记住,您需要向 Helpers 命名空间添加 using 以使 HtmlHelper 可用。
回答by Erik Funkenbusch
You can encode your message, then display it raw. Something like:
您可以对消息进行编码,然后以原始方式显示。就像是:
@Html.Raw(Server.HtmlEncode(Message).Replace("\n", "<br/>"))
回答by CodeSi
For those who use AntiXssEncoder.HtmlEncode
对于那些使用 AntiXssEncoder.HtmlEncode 的人
As AntiXssEncoder.HtmlEncode encode the /r/n character to so the statement should be
由于 AntiXssEncoder.HtmlEncode 将 /r/n 字符编码为, 所以语句应该是
_mDraftMsgModel.wnItem.Description = AntiXssEncoder.HtmlEncode(draftModel.txtMsgContent, false).Replace(" ", "<br/>");
回答by Dave Lucre
In my case, my string contained html that I wanted to encode but I also wanted the HTML line breaks to remain in place. The code below turns the HTML line breaks in to \n then encodes everything. It then turns all instances of \n back in to HTML line breaks:
就我而言,我的字符串包含我想编码的 html,但我也希望 HTML 换行符保持原位。下面的代码将 HTML 换行符转换为 \n,然后对所有内容进行编码。然后它将 \n 的所有实例重新转换为 HTML 换行符:
@Html.Raw(HttpUtility.HtmlEncode(message.Replace("<br/>", "\n").Replace("<br />", "\n")).Replace("\n", "<br/>"))
