tags:

views:

84

answers:

3
+1  Q: 

How do you handle line breaks in HTML Encoded MVC view?

I am unsure of the best way to handle this. In my index view I display a message that is contained in TempData["message"]. This allows me to display certain error or informational messages to the user when coming from another action (for example, if a user tries to enter the Edit action when they don't have access, it kicks them back to the Index with a message of "You are not authorized to edit this data").

Prior to displaying the message, I run Html.Encode(TempData["message"]). However, I have recently come into the issue where for longer messages I want to be able to separate the lines out via line breaks (<br>). Unfortunately (and obviously), the <br> gets encoded by Html.Encode so it doesn't cause an actual line break.

How do I process line breaks correctly in Html Encoded strings?

A: 

"Process" the message in the controller:

  1. HTMLEncode the message
  2. Insert the line break tags
  3. Add message to the TempData collection.
Dave Swersky  2010-10-04 20:27:08
I think I'd rather Encode the message in the view. I think encoding in the controller is risky, as you have to make sure you do it everywhere that redirects to the Index action. It's easier to forget one spot.
KallDrexx  2010-10-05 13:17:33
A: 

StringBuilder sb = new StringBuilder();

foreach(string message in messages) { sb.Append(string.Format("{0}
", Server.HtmlEncode(message)); }

TempData["message"] = sb.ToString();

Andy Evans  2010-10-04 20:37:54
+1  A: 

I agree with @Roger's comment - there is not really any need to encode anything that you have total control over.

If you still wish to be better safe than sorry (which isn't a bad thing), you could use the Microsoft AntiXss library and use the .GetSafeHtmlFragment(input) method - see HTML Sanitization in Anti-XSS Library

e.g.

<%= AntiXss.GetSafeHtmlFragment(TempData["message"]) %>

HTHs,
Charles

Charlino  2010-10-04 21:51:13
Oh that is perfect. I can use that in other areas of my code as well where I want to preserve line breaks. Thanks!
KallDrexx  2010-10-05 12:20:52

related questions

What's the best way to implement field validation using ASP.NET MVC?
How do I handle page flow in MVC (particularly asp.net)
Entity diagrams in ASP.NET MVC
How do I get rid of Home in ASP.Net MVC?
Can I generate ASP.NET MVC routes from a Sitemap?
ASP.NET Model-view-controller (MVC) - where do I start from?
user controls and asp.net mvc
ASP.Net MVC route mapping
RSS Feeds in ASP.NET MVC
Open Source Licensing Options for ASP.NET MVC Application?
Does the OutputCacheFilter in the Microsoft MVC Preview 4 actually save on action invocations?
MVC Learning Resources
Validating posted form data in the ASP.NET MVC framework
Best mock framework that can do both WebForms and MVC?
Use the routing engine for form submissions in ASP.NET MVC Preview 4
How do you get a custom id to render using HtmlHelper in MVC
MVC Preview 4 - No route in the route table matches the supplied values.
Is there a way to include a fragment identifier when using Asp.Net MVC ActionLink, RedirectToAction, etc. ?
In ASP.NET MVC I encounter an incorrect type error when rendering a user control with the correct typed object
ASP.NET MVC - Is it worth it yet?
Multiple languages in an ASP.NET MVC application?
Is it better to create Model classes, or just stick with generic database utility class?
ASP.NET MVC Without Visual Studio
ASP.NET MVC "CRUD" Database Sample
How to RedirectToAction in ASP.NET MVC without losing request data