问题
I want to integrate CKEditor in my MVC Core 2.0 Application, in previous version I used it by adding [AllowHTML] data annotation to my string property. But in ASP.Net Core I could not find the right way to insert HTML into string input.
My code in in ASP.Net MVC 5
[AllowHtml]
[DataType(DataType.MultilineText)]
public string Profile { get; set; }
but in ASP.Net Core 2.0 [AllowHtml] is not working. I searched in google but could not find right solution except this link https://docs.microsoft.com/en-us/aspnet/core/security/cross-site-scripting
[DataType(DataType.MultilineText)]
public string Profile { get; set; }
I am really stuck with this issue and need help from .Net experts, Thanks.
回答1:
Using Asp.Net Core razor you can output raw html into the page via the following:
@Html.Raw(theString)
I feel obligated to point out that you need to ensure that theString contains safe HTML to output such that it isn't an open door for XSS attacks.
来源:https://stackoverflow.com/questions/48514226/what-is-the-alternate-of-allowhtml-in-asp-net-core-2-0