I have an application use Asp.Net 4.61 in which I read html from a database field Description and use it to populate my a page in my application. I do this by marking the property Description with [AllowHtml].
In my Asp.Net Core 2.0 app, I get an error that the assembly reference or directive is not found.
I have 2 questions – that will hopefully enable me to better answer questions such as this in the future:
- Is there a document/site that I could search to see if AllowHtml is
in Core 2.0 - Is there a better/more secure way that I should use if I want to
populate web pages by reading from my database than decorating the field/property with[AllowHtml]?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
You don’t need [AllowHtml] anymore, because nobody denies HTML in ASP.NET Core 2.0:
Instead, encode the output and Prevent Cross-Site Scripting
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0