发表新帖
发表新帖

Is there a risk in using @Html.Raw?

后端 未结
关注
3 650
梦毁少年i
梦毁少年i 2021-01-18 11:18

Is there a risk in using @Html.Raw? It seems to me there shouldn\'t be. If there is a risk then wouldn\'t that risk already exist regardless of using @Htm

相关标签:
3条回答
  • 慢半拍i
    2021-01-18 11:43

    @Html.Raw will allow executing any script that is on the value to display. If you want to prevent that you need to use @Html.AttributeEncode

    0 讨论(0)
  • 一生所求
    2021-01-18 11:51

    Correct, the risk is in how it is used. There's no risk inherent in Html.Raw. It's a tool, nothing more.

    0 讨论(0)
  • 傲寒
    2021-01-18 11:53

    If you are displaying user entered information it is better to use @Html.Encode().

    In another words, if you are displaying non-user eneterd data you are safe to go with @Html.Raw()

    0 讨论(0)
 看不清?
提交回复
热议问题