DevMania

Reputation: 2341

Razor XHTML "&" Character encoding bug

I am loving this new view engine, and one of the coolest features is that everything is encoded by default. But there is something I don't understand. Let us say I have created this HTML paragraph:

<p>
       this is a test Paragraph for both Development & Production
</p>

Now if I inspect the element in Firebug I get

<p>
  this is a test Paragraph for both Development  &amp; Production   
</p>

which is correct, but if I view the source code in the browser I get

<p>
  this is a test Paragraph for both Development  & Production   
</p>

and when I try to validate the page with W3C validation I get an error saying the "&" character is not valid.

Now my document is, I think, set up right:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">

What am I missing?

Upvotes: 1

Views: 2287

Answers (3)

Aaron Weiker

Reputation: 2531

By default Razor will encode everything that it writes, not everything in the page. Since Razor thinks the text inside the P tags is HTML, it will not do any encoding to it.

Take a look at the following example for a better understanding of the difference:

<p>this is a test Paragraph for both Development & Production</p>

@{var body = "this is a test Paragraph for both Development & Production";}
<p>@body</p>

@{var body2 = new HtmlString("this is a test Paragraph for both Development & Production");}
<p>@body2</p>

If you render this page you'll notice that the first paragraph does not get encoded, whereas the second paragraph will get encoded as it is encoding the output of a variable. Then the 3rd example will produce the same output as the first as it uses the special HtmlString which assumes that the input is safe.

For reference, here is the output from Razor:

<p>this is a test Paragraph for both Development & Production</p>
<p>this is a test Paragraph for both Development &amp; Production</p>
<p>this is a test Paragraph for both Development & Production</p>

Upvotes: 11

Matt Lacey

Reputation: 65564

Firebug will automatically HTML encode some things when it displays them in the viewer. This is misleading. Viewing source shows what is actually output by your site.

Upvotes: -1

SLaks

Reputation: 887365

Razor will only escape output from @ blocks.

You still need to escape literal markup yourself.
Firebug shows &amp; because the browser is smart enough to correctly interpret your invalid markup.

Upvotes: 3
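
A check for the literal-markup case the answers describe, as an added example that is not part of any of the original posts: it scans rendered (view-source) output for every "&" that does not begin a character reference, which is what the validator rejects in XHTML. The function names and the regular expression are assumptions of this example, and it treats CDATA sections like ordinary text.

```python
import re

# An "&" that does not start a character reference such as &amp; &#38; or &#x26;.
BARE_AMP = re.compile(r"&(?!(?:[A-Za-z][A-Za-z0-9]*|#[0-9]+|#[xX][0-9A-Fa-f]+);)")


def find_bare_ampersands(markup):
    """Return the 1-based (line, column) of every unescaped "&" in rendered markup."""
    hits = []
    for lineno, line in enumerate(markup.splitlines(), start=1):
        for match in BARE_AMP.finditer(line):
            hits.append((lineno, match.start() + 1))
    return hits


def escape_bare_ampersands(markup):
    """Rewrite only the bare "&" as "&amp;"; existing references are left alone,
    so text Razor already encoded is not double-encoded."""
    return BARE_AMP.sub("&amp;", markup)


# The three paragraphs from the Razor output quoted in the first answer:
# literal markup, an encoded @variable, and an HtmlString written verbatim.
RENDERED = """<p>this is a test Paragraph for both Development & Production</p>
<p>this is a test Paragraph for both Development &amp; Production</p>
<p>this is a test Paragraph for both Development & Production</p>"""


if __name__ == "__main__":
    for line, col in find_bare_ampersands(RENDERED):
        print(f"line {line}, column {col}: bare '&', write &amp; in the view")
    print(escape_bare_ampersands(RENDERED))
```

Only the first and third paragraphs are reported: those are the ones Razor wrote without encoding, so the author has to write `&amp;` in the view for them.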
