Reputation: 1294
I am creating a MVC-Project. Using MVC 4 and Razor. After building some pages I was wondering: what is the difference between
MvcHtmlString.Create()
and
Html.Raw()
Would be nice if you could help me here to understand that.
Thanks in advance!
Upvotes: 30
Views: 30493
Reputation: 427
The other answers focus more on the technical differences, if there are any. I think however there is another aspect: They serve different use cases / are used in different situations.
Html.Raw(...)
is a method of IHtmlHelper
. These are intented for use in razor views. It can be used to render raw HTML strings 'as is', without them getting encoded.
Since rendering user generated HTML content can be a security risk, it is very important to know when a string can contain HTML code, and for it to be sanitized. One of the main sources of security problems with old languages like ASP and PHP is rendering strings un-encoded per default, so you can see why, per default, ASP.NET MVC renders strings encoded. You want the (few) cases where your program renders a raw HTML string to be 'opt-in' and clear to see.
To better indicate these cases, it is good practice to store the HTML strings in a dedicated data type, like HtmlString
. These objects will be rendered un-encoded, so you don't need Html.Raw
. For this you can use MvcHtmlString.Create(...)
, or, more simply, new HtmlString(...)
, even if you don't have access to an IHtmlHelper
(for example in a view model).
To illustrate this, consider this example of a view model for an ASP.NET MVC view with a title that does not contain HTML, and a content that does:
class MyViewModel
{
public string Title { get; set; }
public HtmlString SomeHtmlContent { get; set; }
}
This can be rendered on the page like this - notice that you don't need Html.Raw
to render the HTML content:
<div>
<h1>@Model.Title</h1>
<div>
@Model.SomeHtmlContent
</div>
<div>
Upvotes: 2
Reputation: 23830
This is an excellent opportunity to look at the source code that's available to us for ASP.NET (https://github.com/aspnet/AspNetWebStack/).
Looking at HtmlHelper.cs, this is the code for Html.Raw()
:
public IHtmlString Raw(string value)
{
return new HtmlString(value);
}
public IHtmlString Raw(object value)
{
return new HtmlString(value == null ? null : value.ToString());
}
And this is the code for the MvcHtmlString class:
namespace System.Web.Mvc
{
public sealed class MvcHtmlString : HtmlString
{
[SuppressMessage("Microsoft.Security", "CA2104:DoNotDeclareReadOnlyMutableReferenceTypes", Justification = "MvcHtmlString is immutable")]
public static readonly MvcHtmlString Empty = Create(String.Empty);
private readonly string _value;
public MvcHtmlString(string value)
: base(value ?? String.Empty)
{
_value = value ?? String.Empty;
}
public static MvcHtmlString Create(string value)
{
return new MvcHtmlString(value);
}
public static bool IsNullOrEmpty(MvcHtmlString value)
{
return (value == null || value._value.Length == 0);
}
}
}
The most significant difference is that Html.Raw()
accepts any object, while MvcHtmlString.Create()
only accepts strings.
Also, Html.Raw()
returns an interface, while the Create method returns an MvcHtmlString object.
Lastly, the Create deals with null differently.
Upvotes: 27
Reputation: 700562
There is no practical difference.
The MvcHtmlString.Create
creates an instance of MvcHtmlString
, while the Html.Raw
method creates an instance of HtmlString
, but MvcHtmlString
just inherits from HtmlString
, so they work the same.
Upvotes: 7