By default, everything you write in a razor file is escaped to prevent any injection. This is very nice to be safe by default. But there are some use cases where you want to generate an HTML string in the code and render it as-is. For instance, you can convert a markdown string to HTML and render it.
Blazor provides the type MarkupString
to indicate a string is already HTML encoded. You can instantiate a MarkupString
using a new
or an explicit cast:
var html = "<strong>meziantou.net</strong>";
var markupString1 = new MarkupString(html);
var markupString2 = (MarkupString)html;
#blazor #dotnet #html #programming #developer