Should we use encoding for HtmlString? - c#

What's better in ASP.NET MVC
<%= Html.LabelForModel() %>
or
<%: Html.LabelForModel() %>
? Why?

If it returns MvcHtmlString it won't matter; the <%: will know it is pre-escaped. I would therefore use <%: as then the reviewer doesn't need to think "is this escaped? or is this a raw field?".
Of course, that does depend on the code that creates the MvcHtmlString being sane...

Neither is "better". They both output the same exact markup.

Related

Escape <% and %> in ASP.NET

I have a template engine which uses <% and %> for templates, but the problem is that ASP.NET WebForms thinks otherwise about that.
In Razor I can escape the # symbol just by doubling it: ##. How do I do it in Web Forms?
UPD: HTML escaping doesn't help; the template engine doesn't want to use <% and %>, so the site just shows them.
I may have found some answers here: http://www.sitepoint.com/forums/showthread.php?65377-escape-asp-tags
text = "<" & "% CODE %" & ">"
<% CODE %>
Temporary solution is creating server-side variables and using them like <%= OPEN %> and <%= CLOSE %>.

What is the shorthand for Response.Write in asp forms?

Currently if I have this:
<div>
some dynamic data
</div>
I am using
<div>
<% Response.Write(get.SomeString()); %>
</div>
Obviously this works fine, but it definitely seems like there should be a shorthand for this.
You're looking for <%: get.SomeString() %>
The basic syntax is documented on MSDN:
Code render blocks define inline code or inline expressions that execute when the page is rendered. There are two styles of code render blocks: inline code and inline expressions. Use inline code to define self-contained lines or blocks of code. Use inline expressions as a shortcut for calling the Write method.
<% inline code %>
<%=inline expression %>
In your case, that would look like:
<div>
<%= get.SomeString() %>
</div>
Alternatively, while not noted in the MSDN documentation (but mentioned in the comments), in newer versions of ASP.NET you can also use the <%: … %> syntax to automatically escape any HTML before writing it to the output. As Scott Guthrie explains, this is an important step in guarding against certain forms of attacks. Which form you should choose will depend on your exact use case.

How to use nested inline asp.net tags?

I would like to display a link with Html.ActionLink.
<%= Html.ActionLink("HOME", "Index") %>
Instead of using the word "HOME", I would like to use string from resource file because I need multiple languages.
<%$ Resources:Site, MenuHome %>
In this case, how do I nest these tags?
Thanks!
<%= Html.ActionLink(Resources.Site, "Index") %>
which assumes that you have a Resources.resx file in the App_GlobalResources special folder and a Site key inside it.

HTML markup rendering issue in ViewData? Also, MultiView functionality in MVC?

I'm trying to populate a ViewData instance with HTML markup as shown below. When the page renders, the HTML tags get rendered as text and not as HTML markup. Anyone know why?
Controller code:
if (user.ActivationStatus == false)
{
...
ViewData["Message"] = "<p>Your account has been activated, you're good to go.</p>";
}
else
{
ViewData["Message"] = "<p>Sorry, this account has already been activated.</p>";
}
return View();
View code:
<h2>Confirmation</h2>
<p><%: ViewData["Message"] %></p>
Secondly, I have used the MultiView feature in ASP.NET WebForms in the past. This functionality is ideal and I would like to implement similar functionality in MVC.
Is there any way I can call different PartialViews dependent on the function outcome (like the 'if' statement above) from controller code to a placeholder in the View?
<%: %> == Html.Encode(ViewData["Message"]); it is HTML encoding your string...
Try this:
<%= ViewData["Message"]%>
Also, you should be able to control partial controls using ViewData and, depending on the values in ViewData, you could render different partials. You could also strongly type your view to a model that represents the behavior you're after on the page...
You can create an MvcHtmlString
<%: MvcHtmlString.Create(ViewData["Message"]) %>
But really you should not have the html in your controller.
By making your view strongly-typed you could instead do something like this.
<h2>Confirmation</h2>
<% if(Model.ActivationStatus) { %>
<p>Sorry, this account has already been activated.</p>
<% } else { %>
<p>Your account has been activated, you're good to go.</p>
<% } %>
Change your view output to:
<h2>Confirmation</h2>
<p><%= ViewData["Message"] %></p>
Only use <%: %> syntax when you want output to be automatically HTML encoded.
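The behaviour the answers above rely on, <%: %> encoding plain strings but passing an IHtmlString through untouched, reduced to a small console program. This is an added example, not code from any of the posts; it assumes .NET Framework 4 or later with a reference to System.Web, and PreEscaped is a hypothetical stand-in for MvcHtmlString / HtmlString.

```csharp
using System;
using System.Web; // HttpUtility, IHtmlString (.NET Framework 4+; assumption: System.Web is referenced)

// The two inline-expression forms, reduced to what the page compiler emits:
//   <%: expr %>  -> Write(HttpUtility.HtmlEncode(expr))   (object overload)
//   <%= expr %>  -> Write(expr)
// HttpUtility.HtmlEncode(object) returns IHtmlString.ToHtmlString() unchanged
// and HTML-encodes the string form of anything else.
static class InlineExpression
{
    public static string ColonForm(object expr)  => HttpUtility.HtmlEncode(expr);
    public static string EqualsForm(object expr) => Convert.ToString(expr);
}

// Hypothetical stand-in for MvcHtmlString / HtmlString: same IHtmlString contract.
sealed class PreEscaped : IHtmlString
{
    private readonly string _html;
    public PreEscaped(string html) { _html = html; }
    public string ToHtmlString() => _html;
    public override string ToString() => _html;
}

static class Program
{
    static void Main()
    {
        // Constructed sample values: one user-controlled string, one developer-authored fragment.
        string fromUser = "Tom & <b>Jerry</b>";
        string fromDeveloper = "<p>Your account has been activated, you're good to go.</p>";

        // 1. Plain string: <%: %> neutralises the markup, <%= %> emits it as-is.
        Console.WriteLine(InlineExpression.ColonForm(fromUser));
        Console.WriteLine(InlineExpression.EqualsForm(fromUser));

        // 2. Developer-authored markup wrapped as IHtmlString: <%: %> passes it through,
        //    so the same view syntax can be used for both kinds of value.
        Console.WriteLine(InlineExpression.ColonForm(new PreEscaped(fromDeveloper)));

        // 3. The caveat from the first answer: wrapping user input in IHtmlString
        //    (the equivalent of MvcHtmlString.Create(input)) tells <%: %> the value is
        //    already safe, so no encoding happens and the user's markup reaches the page.
        Console.WriteLine(InlineExpression.ColonForm(new PreEscaped(fromUser)));
    }
}
```

Case 3 is why the strongly-typed view shown above, which keeps the markup in the view and only branches on Model.ActivationStatus, is the better pattern than shipping HTML through ViewData.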

ASP.NET/MVC: Inline code

What am I doing wrong? How come <%= this %> isn't being interpreted as C#?
Here's the code :
And here is what it renders (notice the Firebug display):
What do you think is going on? MVC newb here. :(
And the static Site class:
(If you cannot see the screenshots on the page, view source and use the URLs from the <img> tags.)
<%: %> starts with .NET v4
For pre-v4 its equivalent is <%= Html.Encode(...) %>
The problem was that I was using <%= %> (or even <%: %>) within a tag that had runat="server".
Shouldn't that be <% %> or <%= %> for a shorthand of Response.Write?
Here's an MSDN article on Embedded Code Blocks.
This sometimes happens to me when embedding code inside of html attributes. I've never quite pinned down the exact cause but sometimes you can get around it by using single quotes rather than double.
