Is it possible to display raw Html from database in ASP.NET MVC 3?

Question

I have a table in my db where one of the properties is an Html page (without the html, head and body tags), and I intend to put it in the middle of one of my views - say, I call a cotroller method that takes an argument, and return a view passing this html big string as the model. I searched for it (not much, I admit), and found the following method:

<%= System.Web.HttpUtility.HtmlDecode(yourEncodedHtmlFromYouDatabase) %>

That was found here in stackoverflow. When I tried a similar razor aproach, I ended up with this:

@System.Web.HttpUtility.HtmlDecode("<h1>Test</h1>")

That's the idea, but it didn't work quite as I planned.

Answer 1

All you need is: @Html.Raw(yourEncodedHtmlFromYouDatabase)

I'm assuming that the html in the database has been properly sanitized (or at least from a reliable source), because if not, you could be opening yourself up to cross-site scripting attacks.

The reason your approach didn't work is that Razor HTML-encodes output by default (every time you use @ to display something). Html.Raw tells Razor that you trust the HTML and you want to display it without encoding it (as it's already raw HTML).

Answer 2

You can also return a HTMLString and Razor will output the correct formatting, for example.

@Html.GetSomeHtml()

public static HtmlString GetSomeHtml()
{
    var Data = "abc<br/>123";
    return new HtmlString(Data);
}

This will allow you to display HTML