Last post Feb 23, 2009 10:56 AM by dkarantonis
Feb 22, 2009 10:55 PM|dkarantonis
I am developing an ASP.NET MVC RC Refresh application and I use the TinyMCE text editor in order to store rich text inside my database.
While fetching the rich text from the database and displaying it on the Details page, I no longer see the formatted data, but rather the plain HTML (for example
<p><em><strong>rich text sample</strong></em></p>). How can I display rich text as formatted and not as plain HTML using an Html text helper like Html.TextArea?
Feb 23, 2009 12:57 AM|jwize
Feb 23, 2009 10:56 AM|dkarantonis
If the text inside the database was formatted, what you mention should do the trick. But the data is not formatted and decoding unencoded data could weaken my site to script attacks.
Anyway, I decided not to use any HTML controls, but rather to display the output as plain HTML, and everything works now (<%= Model.Description %>). Also, since the TinyMCE editor encodes only malicious input (such as <script>...</script>), there is no need to encode data before displaying it.
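
An added example, not part of the original thread: because TinyMCE runs in the browser and a form post can reach the server without it, stored rich text is usually filtered again on the server before being written out with <%= %>. The sketch below encodes everything and then re-enables only a small allow-list of attribute-free tags; the class name RichTextRenderer, the method ToSafeHtml and the tag list are assumptions made for illustration, and the sample input is constructed.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

public static class RichTextRenderer
{
    // Assumed allow-list: formatting tags only, and only when they carry no attributes.
    private static readonly Regex AllowedTag = new Regex(
        @"&lt;(/?)(p|em|strong|ul|ol|li|br)\s*(/?)&gt;",
        RegexOptions.IgnoreCase | RegexOptions.Compiled);

    // Entities that were already stored as entities and got encoded a second time.
    private static readonly Regex StoredEntity = new Regex(
        @"&amp;(amp|lt|gt|quot|nbsp|#\d{1,7});", RegexOptions.Compiled);

    public static string ToSafeHtml(string stored)
    {
        if (string.IsNullOrEmpty(stored)) return string.Empty;

        // 1. Encode the whole string, so no markup of any kind survives.
        string encoded = WebUtility.HtmlEncode(stored);

        // 2. Turn back only exact, attribute-free allow-listed tags.
        //    Anything else (script, iframe, <p onclick=...>) stays encoded text.
        string withTags = AllowedTag.Replace(encoded, m =>
            "<" + m.Groups[1].Value + m.Groups[2].Value.ToLowerInvariant()
                + m.Groups[3].Value + ">");

        // 3. Undo the double encoding of stored entities. This runs after step 2,
        //    so a stored "&lt;p&gt;" is displayed as text and never becomes a tag.
        return StoredEntity.Replace(withTags, "&$1;");
    }

    public static void Main()
    {
        // Constructed sample: the formatted text from the question plus
        // markup that must not reach the browser as HTML.
        string stored =
            "<p><em><strong>rich text sample</strong></em></p>" +
            "<p onclick=\"x()\">a &amp; b</p>" +
            "<script>...</script>";

        Console.WriteLine(ToSafeHtml(stored));
    }
}
```

In the Details view this would be written as <%= RichTextRenderer.ToSafeHtml(Model.Description) %>. Links, images and styled elements would need a real HTML sanitizer with attribute checks, which this sketch deliberately does not attempt.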