HTML.Encode but preserve line breaks
M

5

44

I take user input into a text area, store it and eventually display it back to the user.

In my View (Razor) I want to do something like this...

@Message.Replace("\n", "</br>")

This doesn't work because Razor HTML-encodes by default. This is great, but I want my line breaks.

If I do this I get opened up to XSS problems.

@Html.Raw(Message.Replace("\n", "</br>"))

What's the right way to handle this situation?

Misdirection answered 6/4, 2011 at 1:36 Comment(0)
M
57

Use HttpUtility.HtmlEncode then do the replace.

@Html.Raw(HttpUtility.HtmlEncode(Message).Replace("\n", "<br/>"))
Mcclintock answered 6/4, 2011 at 1:43 Comment(3)
Awesome! Been looking for this. - Zarla
For ASP.NET Core I had to look for the escaped chars when doing the replace, so the code below looks for both carriage return and line feed together: @Html.Raw(Html.Encode(output).Replace("&#xD;&#xA;", "<br/>")) - Kapoor
This didn't work for me. I used this: @Html.Raw("Customer Name\nAddress".Replace("\n", "<br />")) - Xanthippe
T
13

If you find yourself using this more than once it may be helpful to wrap it in a custom HtmlHelper like this:

namespace Helpers
{
    public static class ExtensionMethods
    {
        public static IHtmlString PreserveNewLines(this HtmlHelper htmlHelper, string message)
        {
            return message == null ? null : htmlHelper.Raw(htmlHelper.Encode(message).Replace("\n", "<br/>"));
        }
    }
}

You'll then be able to use your custom HtmlHelper like this:

@Html.PreserveNewLines(Message)

Keep in mind that you'll need to add a using to your Helpers namespace for the HtmlHelper to be available.

Thrust answered 31/5, 2013 at 4:23 Comment(1)
Thanks for this, I love HtmlHelpers and extension methods; makes for some fairly clean usage. Regarding namespaces, I tend to put my helpers in the System.Web.Mvc namespace. This saves me the trouble of constantly adding using statements by making it 'always available' throughout my app, and makes it easier to copy my helper code from project to project since I don't have to change the namespace. - Satanism
W
9

You can encode your message, then display it raw. Something like:

@Html.Raw(Server.HtmlEncode(Message).Replace("\n", "<br/>"))
Waterer answered 6/4, 2011 at 1:42 Comment(0)
I
2

For those who use AntiXssEncoder.HtmlEncode:

As AntiXssEncoder.HtmlEncode encodes the \r\n characters to &#13;&#10;, the statement should be:

_mDraftMsgModel.wnItem.Description = AntiXssEncoder.HtmlEncode(draftModel.txtMsgContent, false).Replace("&#13;&#10;", "<br/>");
Illstarred answered 28/10, 2016 at 8:54 Comment(0)
B
0

In my case, my string contained HTML that I wanted to encode, but I also wanted the HTML line breaks to remain in place. The code below turns the HTML line breaks into \n, then encodes everything. It then turns all instances of \n back into HTML line breaks:

@Html.Raw(HttpUtility.HtmlEncode(message.Replace("<br/>", "\n").Replace("<br />", "\n")).Replace("\n", "<br/>"))
Bicarb answered 20/6, 2018 at 4:26 Comment(0)
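
An added example, not code from any of the answers above: it splits the raw input on its line endings before encoding, so the result does not depend on whether the encoder leaves \n untouched or rewrites CR LF as &#xD;&#xA; or &#13;&#10;, as the comments and the AntiXssEncoder answer report. The class and method names are hypothetical, the sample input is constructed, and WebUtility.HtmlEncode stands in for whichever encoder the application uses.

```csharp
using System;
using System.Linq;
using System.Net;

// Hypothetical helper for illustration; not part of ASP.NET or of any answer on this page.
public static class LineBreakEncoder
{
    // "\r\n" is listed first so a Windows line ending is treated as ONE break,
    // not as a "\r" break followed by a "\n" break.
    private static readonly string[] LineEndings = { "\r\n", "\r", "\n" };

    // Encode every line separately, then join the encoded lines with <br/>.
    // The only markup in the result is the <br/> inserted here; everything
    // that came from the user has passed through the encoder.
    public static string EncodePreservingLineBreaks(string message)
    {
        if (string.IsNullOrEmpty(message))
        {
            return string.Empty;
        }

        var lines = message.Split(LineEndings, StringSplitOptions.None);
        return string.Join("<br/>", lines.Select(line => WebUtility.HtmlEncode(line)));
    }

    public static void Main()
    {
        // Constructed sample input: mixed line endings, a script tag,
        // an ampersand, and a literal <br/> typed by the user.
        string input =
            "Hello <script>alert(1)</script>\r\n" +
            "second & line\n" +
            "third<br/>line\r" +
            "last line";

        string html = EncodePreservingLineBreaks(input);

        // In a Razor view this string is what would be handed to @Html.Raw(...).
        Console.WriteLine(html);

        // The user-typed <br/> and <script> come out encoded; only the
        // three line endings become real <br/> elements.
        int realBreaks = html.Split(new[] { "<br/>" }, StringSplitOptions.None).Length - 1;
        Console.WriteLine("Real <br/> elements inserted: " + realBreaks);
    }
}
```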
