什么是ASP.Net Core 2.0中[AllowHtml]的替代项

本文介绍了什么是ASP.Net Core 2.0中[AllowHtml]的替代项的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我想将CKEditor集成到我的MVC Core 2.0应用程序中，在以前的版本中，我通过在字符串属性中添加[AllowHTML]数据注释来使用它.但是在ASP.Net Core中，我找不到将HTML插入字符串输入中的正确方法.

I want to integrate CKEditor in my MVC Core 2.0 Application, in previous version I used it by adding [AllowHTML] data annotation to my string property. But in ASP.Net Core I could not find the right way to insert HTML into string input.

我在ASP.Net MVC 5中的代码

My code in in ASP.Net MVC 5

[AllowHtml] [DataType(DataType.MultilineText)] public string Profile { get; set; }

但是在ASP.Net Core 2.0中[AllowHtml]无法正常工作.我在Google中进行了搜索，但除了此链接 docs.microsoft/zh-cn/aspnet/core/security/cross-site-scripting

but in ASP.Net Core 2.0 [AllowHtml] is not working. I searched in google but could not find right solution except this link docs.microsoft/en-us/aspnet/core/security/cross-site-scripting

[DataType(DataType.MultilineText)] public string Profile { get; set; }

我真的很困扰这个问题，需要.Net专家的帮助，谢谢.

I am really stuck with this issue and need help from .Net experts, Thanks.

推荐答案

使用Asp.Net Core剃须刀，您可以通过以下方式将原始html输出到页面中:

Using Asp.Net Core razor you can output raw html into the page via the following:

@Html.Raw(theString)

我有义务指出，您需要确保theString包含要输出的安全HTML，这样它才不会对XSS攻击敞开大门.

I feel obligated to point out that you need to ensure that theString contains safe HTML to output such that it isn't an open door for XSS attacks.