MVC3 TextBoxFor with encoded text

Erann3 · Dec 6, 2011 · Viewed 9.2k times

Is there a way to use TextBoxFor helper with encoded text?

For example, when using the following MVC3 helper with the Razor view engine:

    @Html.TextBoxFor(model => model.Description)

and the value of model.Description is encoded, for example:

    &lt;script&gt;alert();&#39;&lt;/script&gt;

the result is a text box with the encoded string, when the wanted result is a text box with the decoded string:

    <script>alert();'</script>

Is there a way to use the MVC TextBoxFor with encoded string instead of using

    @Html.TextBox("Description", Server.HtmlDecode(Model.Description))

?

Answer

dknaack · Dec 6, 2011

You have to html-decode your string.

Use the System.Web.HttpUtility.HtmlDecode for that.

    System.Web.HttpUtility.HtmlDecode("&lt;script&gt;alert();&#39;&lt;/script&gt;")

will result in

    <script>alert();'</script>

TextBoxFor does not support that, so you have 2 options:

1. Decode before display

    @{
        Model.Description = System.Web.HttpUtility.HtmlDecode(Model.Description);
    }
    @Html.TextBoxFor(model => model.Description)

2. Use @Html.TextBox for this

    @Html.TextBox("Description", System.Web.HttpUtility.HtmlDecode(Model.Description))

Hope this helps.
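Added example, not part of the original answer: what happens to the decoded value when it is placed in an input's value attribute. It builds the tag with TagBuilder, the class MVC's input helpers use, which attribute-encodes values on render, so the decoded string is shown as literal text rather than becoming markup. The names DescriptionRoundTrip, ForEditing and RenderTextBox are hypothetical, and the program assumes references to System.Web.dll and System.Web.Mvc.dll (MVC3).

```csharp
using System;
using System.Web;       // HttpUtility
using System.Web.Mvc;   // TagBuilder, TagRenderMode

public static class DescriptionRoundTrip
{
    // Decode a stored, HTML-encoded value exactly once for editing.
    public static string ForEditing(string stored)
    {
        return HttpUtility.HtmlDecode(stored ?? string.Empty);
    }

    // Render <input type="text" ...>. TagBuilder attribute-encodes each
    // attribute value when the tag is converted to a string.
    public static string RenderTextBox(string name, string value)
    {
        var input = new TagBuilder("input");
        input.MergeAttribute("type", "text");
        input.MergeAttribute("name", name);
        input.MergeAttribute("value", value);
        return input.ToString(TagRenderMode.SelfClosing);
    }

    public static void Main()
    {
        // Constructed sample: the encoded value from the question.
        string stored = "&lt;script&gt;alert();&#39;&lt;/script&gt;";

        string decoded = ForEditing(stored);
        string html = RenderTextBox("Description", decoded);

        Console.WriteLine("decoded : " + decoded);
        Console.WriteLine("rendered: " + html);

        // The rendered markup must not contain a live script tag.
        bool inert = html.IndexOf("<script", StringComparison.OrdinalIgnoreCase) < 0;
        Console.WriteLine("inert in markup: " + inert);

        // Edge case: a value that was encoded twice needs two decodes.
        // One decode only returns the singly encoded string.
        string twice = HttpUtility.HtmlEncode(stored);
        Console.WriteLine("one decode of double-encoded == stored: "
                          + (ForEditing(twice) == stored));
    }
}
```

The same decoded string written to the page without encoding (for example through Html.Raw) would be emitted as a real script element, so decoding belongs only directly in front of an encoding helper such as TextBox or TextBoxFor.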