How can I show a viewbag as html?

c# asp.net asp.net-mvc-3 viewbag

David Archer · Sep 2, 2011 · Viewed 62k times · Source

OK, quite new to ASP.Net MVC, so I'm sorry if this is a silly question, but how do I go about showing the values of a ViewBag as HTML. For Example, if ViewBag.SomeMessage contains the following text:

<h3>Test</h3><p>Test</p><p>Test</p><p>Test</p><p>Test</p><p>TEST</p>

How would I go about actually having the page render that as normal HTML? Or is there a much easier way of achieving this that I'm totally missing?

Cheers!

Answer

Everyone is correct in the use of @Html.Raw() but I want to point out to be careful with this, as it can make your site susceptible to XSS vulnerabilities.

I would combine the @Html.Raw(ViewBag.SomeMessage) with Microsoft's Anti-XSS Library to make sure you do not introduce any vulnerabilities from this.

Edit: The advantage of the Anti-XSS library (if you haven't looked at it) is it has a whitelist of approved markups (such as <b>, <h3>, etc..) so that only approved markups will be un-encoded.

Edit2: Here's an example of how this is done.

How can I show a viewbag as html?

Answer

Related questions