Generate web page from Database using AllowHtml in Asp.Net Core 2.0

I have an application use Asp.Net 4.61 in which I read html from a database field Description and use it to populate my a page in my application. I do this by marking the property Description with [AllowHtml].

In my Asp.Net Core 2.0 app, I get an error that the assembly reference or directive is not found.

I have 2 questions – that will hopefully enable me to better answer questions such as this in the future:

  1. Is there a document/site that I could search to see if AllowHtml is
    in Core 2.0
  2. Is there a better/more secure way that I should use if I want to
    populate web pages by reading from my database than decorating the field/property with [AllowHtml]?

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

You don’t need [AllowHtml] anymore, because nobody denies HTML in ASP.NET Core 2.0:

Don’t need [AllowHtml] or RequestValidationEnabled because we don’t have request validation in this system

Instead, encode the output and Prevent Cross-Site Scripting


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x