What @Html.Raw() and Json.Encode() do

What does this code do?

@model CourseVM
<script type="text/javascript">
    var model = @Html.Raw(Json.Encode(Model));
    // go ahead and use the model javascript variable to bind with ko
</script>

Json.Encode serialises the Model to a JSON string. Html.Raw ensures that it is rendered verbatim and isn’t HTML-encoded by Razor. If it is HTML-encoded (which Razor does by default), special characters are converted to their HTML entity representations (e.g. & becomes &amp;), and the result might not be valid JSON.

There are arguments that encoding protects against script injection and Html.Raw removes that protection.

HTML encoding is a built-in feature in MVC, so we shouldn’t be worried about script injection in MVC.
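
Html.Raw opts that one expression out of Razor's HTML encoding, so on the `var model = ...` line the only escaping left is whatever the JSON serializer applies. The following is an added example (not code from the original post), written in JavaScript so it runs under Node, that compares three possible outputs for that line: HTML-encoded JSON, raw JSON with no script-context escaping, and raw JSON with `<`, `>`, `&` and `'` written as `\uXXXX`. The sample model and all function names are constructed, and `htmlEncode` only approximates Razor's default encoding.

```javascript
// Constructed sample model: the title holds characters that matter in HTML
// and inside a <script> block.
const sampleModel = { id: 7, title: 'C# & "Razor" </script>' };

// Approximation (assumption) of Razor's default HTML encoding of an @expression.
function htmlEncode(text) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (c) => entities[c]);
}

// JSON for a <script> block: write <, >, &, ' and U+2028/U+2029 as \uXXXX.
// In JSON text these characters can only occur inside string literals, so the
// parsed value is unchanged.
function jsonForScript(value) {
  return JSON.stringify(value).replace(/[<>&'\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// The HTML parser closes a script block at the first "</script", whatever the
// JavaScript around it looks like.
function endsScriptBlock(text) {
  return /<\/script/i.test(text);
}

// Entities are not decoded inside <script>, so the script engine sees the text
// exactly as written. Would it still parse as JSON?
function parsesAsJson(text) {
  try { JSON.parse(text); return true; } catch (e) { return false; }
}

// Compare the three ways the serialized model could be written into the page.
function compareOutputs(model) {
  const raw = JSON.stringify(model);
  const outputs = {
    htmlEncoded: htmlEncode(raw),      // default @expression, no Html.Raw
    rawUnescaped: raw,                 // raw output, serializer leaves "<" alone
    rawEscaped: jsonForScript(model),  // raw output, serializer escapes "<"
  };
  const result = {};
  for (const [name, text] of Object.entries(outputs)) {
    result[name] = { text, validJson: parsesAsJson(text), endsScriptBlock: endsScriptBlock(text) };
  }
  return result;
}

console.log(compareOutputs(sampleModel));
```

Only the `rawEscaped` form is both valid JSON and free of a literal `</script`, so when Html.Raw is used, the serializer's output should be checked for a literal `<` before model fields are allowed to carry user-supplied text.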
