html-encode
How to display HTML stored in a database from an ASP.NET MVC view?
Try this: <%= System.Web.HttpUtility.HtmlDecode(yourEncodedHtmlFromYouDatabase) %> More info here.
HTML encode user input when storing or when displaying
i’d strongly suggest encoding information on the way out. storing raw data in the database is useful if you wish to change the way it’s viewed at a certain point. the flow should be something similar to: sanitize user input -> protect against sql injection -> db -> encode for display think about a situation … Read more
Is there a JDK class to do HTML encoding (but not URL encoding)?
There isn’t a JDK built in class to do this, but it is part of the Jakarta commons-lang library. String escaped = StringEscapeUtils.escapeHtml3(stringToEscape); String escaped = StringEscapeUtils.escapeHtml4(stringToEscape); Check out the JavaDoc Adding the dependency is usually as simple as dropping the jar somewhere, and commons-lang has so many useful utilities that it is often worthwhile … Read more
How do I escape some html in javascript?
This should work for you: http://blog.nickburwell.com/2011/02/escape-html-tags-in-javascript.html function escapeHTML( string ) { var pre = document.createElement(‘pre’); var text = document.createTextNode( string ); pre.appendChild(text); return pre.innerHTML; } Security Warning The function doesn’t escape single and double quotes, which if used in the wrong context, may still lead to XSS. For example: var userWebsite=”” onmouseover=”alert(\”gotcha\’)” “‘; var profileLink … Read more
HTML Encoding Strings – ASP.NET Web Forms VS Razor View Engine
I guess the best approach would be to use the Raw extension-method: @Html.Raw(Model.Something)
How to make Jade stop HTML encoding element attributes, and produce a literal string value?
Derick has already mentioned that Jade added new feature for unescape HTML encoding in update, but I’d like to add some addendum for someone who might not recognize. – var html = “<script></script>” | !{html} <– Escaped | #{html} <– Encoded from https://github.com/visionmedia/jade
Html inside XML. Should I use CDATA or encode the HTML [closed]
The two options are almost exactly the same. Here are your two choices: <html>This is <b>bold</b></html> <html><![CDATA[This is <b>bold</b>]]></html> In both cases, you have to check your string for special characters to be escaped. Lots of people pretend that CDATA strings don’t need any escaping, but as you point out, you have to make sure … Read more
How do I bypass the HTML encoding when using Html.ActionLink in Mvc?
It looks like ActionLink always uses calls HttpUtility.Encode on the link text. You could use UrlHelper to generate the href and build the anchor tag yourself. <a href=”https://stackoverflow.com/questions/422929/@Url.Action(“Posts”, …)”>More…</a> Alternatively you can “decode” the string you pass to ActionLink. Constructing the link in HTML seems to be slightly more readable (to me) – especially in … Read more
How to encode the plus (+) symbol in a URL
The + character has a special meaning in [the query segment of] a URL => it means whitespace: . If you want to use the literal + sign there, you need to URL encode it to %2b: body=Hi+there%2bHello+there Here’s an example of how you could properly generate URLs in .NET: var uriBuilder = new UriBuilder(“https://mail.google.com/mail”); … Read more