262

Razor encodes string by default. Is there any special syntax for rendering without encoding?

SiberianGuy
  • 24,674
  • 56
  • 152
  • 266

6 Answers6

396

Since ASP.NET MVC 3, you can use:

@Html.Raw(myString)
Lucas
  • 17,277
  • 5
  • 45
  • 40
  • 9
    This is not entirely correct. Yes, you can insert a raw string but if you have `"'<>etc...` these will be escaped. The correct way is to use the MvcHtmlString which will allow "illegal" characters. For instance, if you're encoding Json data... without encoding an entire model – Daniel B. Chapman Jun 28 '13 at 21:34
  • 5
    Daniel, [Html.Raw()](http://msdn.microsoft.com/en-us/library/gg480740.aspx) "returns markup that is not HTML encoded." – Lucas Jul 01 '13 at 14:13
  • 1
    Html.Raw() encodes the quotes... `"myAttr='hello';myInt=10"` – serge Nov 27 '15 at 08:39
  • 5
    It does NOT encode quotes. Besides the obvious documentation stating it plain as day (_"This method wraps HTML markup using the IHtmlString class, which renders **unencoded** HTML."_) I also tested this and quotes are not encoded. – James Wilkins Dec 04 '17 at 06:25
63
@(new HtmlString(myString))
Matthew Vines
  • 27,253
  • 7
  • 76
  • 97
36

As well as the already mentioned @Html.Raw(string) approach, if you output an MvcHtmlString it will not be encoded. This can be useful when adding your own extensions to the HtmlHelper, or when returning a value from your view model that you know may contain html.

For example, if your view model was:

public class SampleViewModel
{
  public string SampleString { get; set; }
  public MvcHtmlString SampleHtmlString { get; set; }
}

For Core 1.0+ (and MVC 5+) use HtmlString

public class SampleViewModel
{
  public string SampleString { get; set; }
  public HtmlString SampleHtmlString { get; set; }
}

then

<!-- this will be encoded -->
<div>@Model.SampleString</div>
<!-- this will not be encoded -->
<div>@Html.Raw(Model.SampleString)</div>
<!-- this will not be encoded either -->
<div>@Model.SampleHtmlString</div>
Piotr Kula
  • 9,597
  • 8
  • 59
  • 85
Jonathan Moffatt
  • 13,309
  • 8
  • 51
  • 49
11

Use @Html.Raw() with caution as you may cause more trouble with encoding and security. I understand the use case as I had to do this myself, but carefully... Just avoid allowing all text through. For example only preserve/convert specific character sequences and always encode the rest:

@Html.Raw(Html.Encode(myString).Replace("\n", "<br/>"))

Then you have peace of mind that you haven't created a potential security hole and any special/foreign characters are displayed correctly in all browsers.

Tony Wall
  • 1,382
  • 20
  • 18
  • +1 Exactly what I needed! The string still needs to be encoded but the line returns need to be html. Thanks! – Peter Mar 14 '16 at 19:41
  • `@Html.Raw(Html.Encode(myString).Replace(Html.Encode("\n"), "
    "))` for ASP.NET Core     – kenjiuno Mar 28 '18 at 09:59
6

In case of ActionLink, it generally uses HttpUtility.Encode on the link text. In that case you can use HttpUtility.HtmlDecode(myString) it worked for me when using HtmlActionLink to decode the string that I wanted to pass. eg: 

  @Html.ActionLink(HttpUtility.HtmlDecode("myString","ActionName",..)
gutsy_guy
  • 327
  • 2
  • 11
1

You can also use the WriteLiteral method

Hamid Shahid
  • 4,486
  • 3
  • 32
  • 41