-1

I have some HTML stored in a database and I am generating an static HTML file out of it. However when i open the file in the browser, the font doesn't render as I expect it.

I have tracked down the problem and I see it is because of & quot;

<p><span style="font-family: &quot;Roboto Regular&quot;;">Some text</span></p>

Now if I replace the & quot; with double quotes, it works fine.

This is also generated through C#. What is the best approach to fix this? Should I just use Replace function to convert them to quotes or is there a library that I can use to do it more efficiently? or is it even simpler to fix.

Thanks for your thoughts.

Naveen
  • 1,186
  • 1
  • 13
  • 35
Stackedup
  • 517
  • 5
  • 20

2 Answers2

3

You can use System.Web.HttpUtility.HtmlDecode (and Encode) to handle this sort of thing.

However you should be asking yourself why your font string includes HTML encoded characters.

Robin Bennett
  • 2,982
  • 6
  • 16
  • Thank you very much for the reply. The reason is that it is coming from SummerNote editor, encoded like that. Your solution seems to partially work. Now I am seeing `&nbsp` are getting converted to `Â` character. Any ideas why? – Stackedup Aug 21 '19 at 09:17
  • 1
    That's odd. `Â` should be encoded as `Â` for a capital a, with a circumflex accent. ` ` is a space. – Robin Bennett Aug 21 '19 at 09:22
  • So the HTML has the ` ` and I was expecting to see space instead of it but it is showing as `Â`. – Stackedup Aug 21 '19 at 09:24
  • 1
    I created a simple test project that just did `var result = System.Web.HttpUtility.HtmlDecode("foo bar");` and it decoded it correctly. I think there must be something else going on. I suggest you ask another question with a short example (ideally one line) of the code that goes wrong so we can reproduce it and trace the problem. – Robin Bennett Aug 21 '19 at 09:57
1

HTML is spewed out as is and not parsed until it reaches the browser. This is a security measure to ensure that no malicious code can be run in the browser. I will recommend you use the Replace function you suggest. If you want to take security to the next level, I will suggest you encode the opening and closing braces of HTML tags and including that inside your Replace method.

cr05s19xx
  • 1,796
  • 1
  • 14
  • 34