Question
Here is my view code:
<%=Model.HtmlData %>
Here is my controller code:
public ActionResult GetPage()
{
    ContentPageViewModel vm = new ContentPageViewModel();
    vm.HtmlData = _htmlPageRepository.Get("key");
    return View(vm);
}
My repository class basically queries a database table that has the fields:
id, pageName, htmlContent
The .Get() method passes in a pageName (or key) and returns the htmlContent value.
Right now I have just started this (haven't persisted anything to the db yet), so I am not doing any explicit encoding in my code now.
What is the best practice for where I need to do encoding (in the model, the controller, the view)?
Answer 1:
Encoding is a concern of the view. You may have two very different displays using the same database, so often it isn't advisable to store the data in a state required by the specific view.
As a side note... If you are using .NET 4
<%: Model.HtmlData %>
is the new
<%= Server.HtmlEncode(Model.HtmlData) %>
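An added example, not part of the original answer: a console sketch of what the two view syntaxes above write for the same stored value, using HttpUtility.HtmlEncode(object), the call that <%: %> compiles to in .NET 4. The PageView class and the sample strings are constructed for illustration; it assumes .NET Framework 4 or later with a reference to System.Web.dll.

```csharp
// Added example, not code from the original post.
// Assumes .NET Framework 4+ with a reference to System.Web.dll.
using System;
using System.Web;

// Hypothetical helper that mirrors what each view syntax writes to the response.
static class PageView
{
    // <%= value %> writes the string exactly as stored.
    public static string Raw(object value)
    {
        return Convert.ToString(value);
    }

    // <%: value %> goes through HttpUtility.HtmlEncode(object): plain strings
    // are HTML-encoded, values implementing IHtmlString pass through unchanged.
    public static string Encoded(object value)
    {
        return HttpUtility.HtmlEncode(value);
    }
}

static class Program
{
    static void Main()
    {
        // Constructed htmlContent value, as the repository's Get() might return it.
        string stored = "<p>Hello</p><script>alert(1)</script>";

        // Raw output: the markup, script element included, reaches the browser as markup.
        Console.WriteLine(PageView.Raw(stored));

        // Encoded output: angle brackets become entities, so the browser
        // displays the markup as text instead of interpreting it.
        Console.WriteLine(PageView.Encoded(stored));

        // Content the application has decided to trust as HTML can be wrapped
        // in HtmlString; <%: %> then leaves it unencoded. The wrapping is the
        // explicit, reviewable opt-out, so it belongs on vetted content only.
        IHtmlString trusted = new HtmlString("<p>Hello</p>");
        Console.WriteLine(PageView.Encoded(trusted));
    }
}
```

Because htmlContent in the question is meant to hold markup, encoding it in the view displays the tags as text; rendering it as HTML means treating the stored value as trusted and vetting it before it is written to the table.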
Source: https://stackoverflow.com/questions/2914062/where-should-i-encode-this-html-data-in-an-asp-net-mvc-site