我想将CKEditor集成到我的MVC Core 2.0应用程序中,在以前的版本中,我通过在字符串属性中添加[AllowHTML]数据注释来使用它.但是在ASP.Net Core中,我找不到将HTML插入字符串输入中的正确方法.
I want to integrate CKEditor in my MVC Core 2.0 Application, in previous version I used it by adding [AllowHTML] data annotation to my string property. But in ASP.Net Core I could not find the right way to insert HTML into string input.
我在ASP.Net MVC 5中的代码
My code in in ASP.Net MVC 5
[AllowHtml] [DataType(DataType.MultilineText)] public string Profile { get; set; }但是在ASP.Net Core 2.0中[AllowHtml]无法正常工作.我在Google中进行了搜索,但除了此链接 docs.microsoft/zh-cn/aspnet/core/security/cross-site-scripting
but in ASP.Net Core 2.0 [AllowHtml] is not working. I searched in google but could not find right solution except this link docs.microsoft/en-us/aspnet/core/security/cross-site-scripting
[DataType(DataType.MultilineText)] public string Profile { get; set; }我真的很困扰这个问题,需要.Net专家的帮助,谢谢.
I am really stuck with this issue and need help from .Net experts, Thanks.
推荐答案使用Asp.Net Core剃须刀,您可以通过以下方式将原始html输出到页面中:
Using Asp.Net Core razor you can output raw html into the page via the following:
@Html.Raw(theString)我有义务指出,您需要确保theString包含要输出的安全HTML,这样它才不会对XSS攻击敞开大门.
I feel obligated to point out that you need to ensure that theString contains safe HTML to output such that it isn't an open door for XSS attacks.
更多推荐
什么是ASP.Net Core 2.0中[AllowHtml]的替代项
发布评论