Closed jtsom closed 1 month ago
This is by design as far as I can tell. ASP.NET Core Razor Pages or MVC with Razor Views does the same thing. If you want to disable encoding already encoded values you can wrap the value in HtmlString
, e.g. <img src="(new HtmlString(@Model.ImageUrl))" />
.
I'm not sure it's "by design". This code was adapted from existing ASP.NET MVC code that renders a partial, which is then converted to a PDF - it does not have this issue of incorrectly rendering the embedded & .
Also, as mentioned, it strips out the quotes in the rendered img tag. If I add spaces, the quotes will appear, but with the additional spaces:
<img src=" @Model.ImageUrl " />
<img src=" https://example.com/images/image.png?v1=test&amp;v2=test2&amp;v3=test3 " />
FWIW - I tried using the HtmlString method mentioned, but the renderer still incorrectly encodes the &
Can you create and share a project that reproduces the issue as I'm not able to see the behavior you're describing.
Sorry it took long to get this set up.
Load this project up and run it. (I don't know why the Swagger UI gives an error - not sure what's going on there).
Put a breakpoint on line 40
Load up the /GetTest endpoint and step over the break point, and look at the rendered code to see the problem. The & is being incorrectly "encoded".
Thanks. net8test.zip
Update: I figured out the Swagger issue - I have "app.Map( )" in the code - it should be "app.MapGet ( )"
Yes this is expected because the text value is already HTML encoded. Razor Pages/Views does the exact same thing. I added a Razor Page to your app and rendered the img tag the same way and get the same result:
If you want write pre-encoded HTML (i.e. raw HTML) you need to render an HtmlString
instance instead, e.g.
@(new HtmlString(Model.Url))
Thanks, I guess. We have a .Net MVC web app, that renders a similar string into HTML and that conversion doesn't happen.
I also did try using the HtmlString method and it did the same thing.
Oh well, I have a workaround that fixes the HTML, so will just keep using that.
If you can share a repro of an MVC app not HTML encoding a string returned from a Razor expression I'll gladly take another look. My guess is it's passing it through Html.Raw()
, e.g. @Html.Raw(Model.Url)
When rendering a cshtml page, that has a URL with encoded & values (&) (image tag src attribute, for example), the rendered URL has the URL incorrectly encoded:
where ImageUrl is something like:
The rendered URL is:
Also the quotes in the above img tag are missing:
This was found when trying to pull images from Azure Storage, where the validation key needs to be appended to the url. Needless to say, this causes Azure to not render the image, returning an error;
I had to manually fix and remove the extra "amp;" from the rendered HTML.