Share via

why ViewData is encoded for unicode text in asp.net web?

mc 5,571 Reputation points
2025-06-30T04:47:49.93+00:00

ViewData["Title"] ="xxxxxxxxxxx";

it is 首页

why?

Developer technologies | ASP.NET | ASP.NET Core
0 comments
Accepted answer
  1. Jack Dang (WICLOUD CORPORATION) 535 Reputation points Microsoft External Staff
    2025-07-01T07:09:36.1066667+00:00

    Hello @mc,

    Thanks for your question! What you're observing is HTML encoding of Unicode characters, which is a normal and expected behavior in ASP.NET MVC when rendering content to the browser.

    Why This Happens:

    ASP.NET Core uses automatic HTML encoding when rendering content via Razor syntax (e.g., @ViewData["Title"]). This is a security feature designed to prevent Cross-Site Scripting (XSS) attacks by ensuring that any potentially unsafe characters are encoded before being sent to the browser.

    For example:

    ViewData["Title"] = "首页";

    When rendered in Razor:

    <h1>@ViewData["Title"]</h1>

    The output HTML might look like:

    <h1>&#x9996;&#x9875;</h1>

    This is the Unicode HTML entity representation of "首页", and browsers will correctly decode and display it as the intended characters.

    If you're seeing the encoded form in the browser source code, that's expected. But if you're seeing the encoded form on the actual page, then you might be double-encoding the content or using Html.Raw() incorrectly.

    To render raw HTML (only if you're sure the content is safe), you can use:

    <h1>@Html.Raw(ViewData["Title"])</h1>

    Important: Use Html.Raw() cautiously, especially with user-generated content, as it bypasses HTML encoding and can expose your app to XSS vulnerabilities.

    Here's a bit more context: in ASP.NET Core, you have an option to control this behavior. By default, the encoders are set to allow only a safe list of characters. If your application often uses non-Latin characters (like Chinese), you might consider customizing the encoder to include additional Unicode ranges.

    To do this, you can modify your Program.cs file to include the ranges that suit your application. Here’s an example of how to widen the encoder's safe list to include Chinese characters:

    builder.Services.AddSingleton<HtmlEncoder>(
     HtmlEncoder.Create(allowedRanges: [ UnicodeRanges.BasicLatin,
                                               UnicodeRanges.CjkUnifiedIdeographs ]));

    This adjustment will allow for process-rendering of characters like "首页" without encoding them into their Unicode escape representations.

    I hope that my answer helps you clarify your issue.

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. SurferOnWww 4,726 Reputation points
    2025-06-30T05:37:59.07+00:00

    it is &#x9996;&#x9875;

    Is the original string "首页"? If so, it seems Unicode escape in html.

    See the following sample of .NET 9.0 ASP.NET Core MVC:

    View (Privacy.cshtml):

    @{
    ViewData["Title"] = "首页";// "Privacy Policy";
}
<h1>@ViewData["Title"]</h1>

<p>Use this page to detail your site's privacy policy.</p>

    html source code rendered from the above view:

    enter image description here

    Home/Privacy shown on browser:

    enter image description here

    Non-ASCII characters passed to View through ViewData, ViewBag, ViewModel (e.g., @Model.Title) and HtmlHelper (except for @Html.Raw()) are escaped to the format of &#xXXXX; during rendering to html in ASP.NET Core unlike ASP.NET of .NET Framework 4.8.

    Example:

    Ladurée => Ladur&#xE9;e

    1 person found this answer helpful.
    0 comments
  2. Bruce (SqlWork.com) 78,316 Reputation points Volunteer Moderator
    2025-06-30T16:41:19.3466667+00:00

    html is generally encoded in utf-8 (preferred), so requires encoding of unicode (UTF-16) characters outside this set.

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.