Disable *ALL* Automatic HTML Escaping in ASP.Net/Core MVC

时间:2019-04-16 23:12:02

标签: asp.net asp.net-mvc asp.net-core .net-core escaping

In ASP.Net/Core MVC, the auto-HTML escaping happens when you echo a string variable inside a Razor view. For example:

<div>@("<b>Hello</b>")</div>

is output as

<div>&lt;b&gt;Hello&lt;/b&gt;</div>

How can I disable this feature by default in ASP.Net/Core MVC, without having to use a helper everywhere like Html.Raw(), WriteLiteral(), new HtmlString(), et cetera?

I understand the reasoning behind this functionality but I am experimenting with alternate escape methods.

1 个答案:

答案 0 :(得分:1)

You can not disable it.

ASP.Net/Core MVC design for preventing Injection (Web Application Security), the @ use frequently so it need prevent HTML or Javascript injection.

相关问题
最新问题