From 8a731861bc37107fce807cd32f431b46c1d94139 Mon Sep 17 00:00:00 2001
From: Denis Voituron
Date: Fri, 19 Dec 2025 10:24:59 +0100
Subject: [PATCH 1/2] Add a UseMarkupString property
---
.../MessageBar/FluentMessageBar.razor | 8 ++--
src/Core/Components/MessageBar/Message.cs | 7 ++++
.../MessageBar/Services/IMessageService.cs | 8 ++++
.../MessageBar/Services/MessageOptions.cs | 7 ++++
.../MessageBar/Services/MessageService.cs | 40 +++++++++++++++++++
5 files changed, 66 insertions(+), 4 deletions(-)
diff --git a/src/Core/Components/MessageBar/FluentMessageBar.razor b/src/Core/Components/MessageBar/FluentMessageBar.razor
index 6ce33ab7dc..5ab065a9c4 100644
--- a/src/Core/Components/MessageBar/FluentMessageBar.razor
+++ b/src/Core/Components/MessageBar/FluentMessageBar.razor
@@ -17,7 +17,7 @@
@if (!String.IsNullOrEmpty(Title)) { - @((MarkupString)Title) + @(Content?.UseMarkupString == true ? (MarkupString)Title : Title) } @if (ChildContent is not null) { @@ -25,7 +25,7 @@ } else { - @((MarkupString)Content!.Body!) + @(Content?.UseMarkupString == true ? (MarkupString)Content!.Body! : Content!.Body) } @if (Link is not null) { @@ -84,7 +84,7 @@ @if (!String.IsNullOrEmpty(Title)) {
- @((MarkupString)(Title))
+ @(Content?.UseMarkupString == true ? (MarkupString)(Title) : Title)
} @@ -105,7 +105,7 @@ @ChildContent @if (!String.IsNullOrEmpty(Content?.Body)) { - @((MarkupString)Content.Body) + @(Content?.UseMarkupString == true ? (MarkupString)Content.Body : Content?.Body) } @if (Link is not null) { diff --git a/src/Core/Components/MessageBar/Message.cs b/src/Core/Components/MessageBar/Message.cs index f720c13f24..96bc6c4134 100644 --- a/src/Core/Components/MessageBar/Message.cs +++ b/src/Core/Components/MessageBar/Message.cs @@ -52,6 +52,13 @@ public string? Title } } + /// + /// Indicates whether the title and body should be rendered as markup string. + /// Using MarkupString can introduce XSS vulnerabilities because it renders unencoded HTML. + /// Only use it with fully trusted, sanitized content. + /// + internal bool UseMarkupString => Options.UseMarkupString; + /// /// Gets or sets the message to be shown in the message bar. /// diff --git a/src/Core/Components/MessageBar/Services/IMessageService.cs b/src/Core/Components/MessageBar/Services/IMessageService.cs index c1e3169af4..21ba51b293 100644 --- a/src/Core/Components/MessageBar/Services/IMessageService.cs +++ b/src/Core/Components/MessageBar/Services/IMessageService.cs @@ -2,6 +2,8 @@ // This file is licensed to you under the MIT License. // ------------------------------------------------------------------------ +using Microsoft.AspNetCore.Components; + namespace Microsoft.FluentUI.AspNetCore.Components; /// @@ -28,6 +30,9 @@ public interface IMessageService : IDisposable /// Message ShowMessageBar(string title, MessageIntent intent, string section); + /// + Message ShowMessageBar(MarkupString title, MessageIntent intent, string section); + /// Task ShowMessageBarAsync(Action options); @@ -40,6 +45,9 @@ public interface IMessageService : IDisposable /// Task ShowMessageBarAsync(string title, MessageIntent intent, string section); + /// + Task ShowMessageBarAsync(MarkupString title, MessageIntent intent, string section); + /// void Clear(string? section = null); 
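Review bot: The `MarkupString` overloads added to `IMessageService` (`ShowMessageBar` in the `@@ -28,6 +30,9 @@` hunk and `ShowMessageBarAsync` in the `@@ -40,6 +45,9 @@` hunk) are new members on a public interface with no default body, so any implementation outside this repository, application fakes and test doubles included, stops compiling until it adds them. If that break is not intended, forward them to the options-based overload from a default interface implementation or expose them as extension methods. The raw-HTML warning is spelled out on the `MessageService` implementations; the doc line above each declaration here is not readable in this view, so confirm it carries the same caution, for example `/// The title is rendered as unencoded HTML; pass only trusted, sanitized markup.`, because callers usually read IntelliSense from the interface.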
diff --git a/src/Core/Components/MessageBar/Services/MessageOptions.cs b/src/Core/Components/MessageBar/Services/MessageOptions.cs index a81bfd169c..8a4cb47ff5 100644 --- a/src/Core/Components/MessageBar/Services/MessageOptions.cs +++ b/src/Core/Components/MessageBar/Services/MessageOptions.cs @@ -29,6 +29,13 @@ public class MessageOptions /// public string? Title { get; set; } + /// + /// Indicates whether the and should be rendered as markup string. + /// Using MarkupString can introduce XSS vulnerabilities because it renders unencoded HTML. + /// Only use it with fully trusted, sanitized content. + /// + public bool UseMarkupString { get; set; } = false; + /// /// Gets or sets the message to be shown in the message bar after the title. /// diff --git a/src/Core/Components/MessageBar/Services/MessageService.cs b/src/Core/Components/MessageBar/Services/MessageService.cs index 9537c51216..bff1e4e9b4 100644 --- a/src/Core/Components/MessageBar/Services/MessageService.cs +++ b/src/Core/Components/MessageBar/Services/MessageService.cs @@ -125,6 +125,26 @@ public Message ShowMessageBar(string title, MessageIntent intent, string section }); } + /// + /// Show a message based on the provided parameters in a message bar. + /// + /// Main info. + /// Using MarkupString can introduce XSS vulnerabilities because it renders unencoded HTML. + /// Only use it with fully trusted, sanitized content. + /// Intent of the message + /// Section to show the message bar in + /// + public Message ShowMessageBar(MarkupString title, MessageIntent intent, string section) + { + return ShowMessageBar(options => + { + options.Title = title.Value; + options.UseMarkupString = true; + options.Intent = intent; + options.Section = section; + }); + } + /// /// Show a message based on the provided options in a message bar. /// 
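Review bot: `UseMarkupString` in `MessageOptions` is one switch for both `Title` and `Body`, so a caller who opts in for a trusted, hand-written title also gets the body rendered as raw HTML, and the body is the field most likely to carry user- or server-supplied text. The `MarkupString` overloads in `MessageService.cs` (the `@@ -125,6 +125,26 @@` hunk that follows and the `@@ -200,6 +220,26 @@` hunk) set the flag while assigning only `Title`, so a body attached to that message afterwards would presumably be rendered unencoded as well. Consider a separate opt-in per field, or at least state the scope in the summary: `/// Applies to both Title and Body; leave false whenever either value can contain untrusted text.` The `= false` initializer is redundant and can be dropped.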
@@ -200,6 +220,26 @@ public async Task ShowMessageBarAsync(string title, MessageIntent inten }); } + /// + /// Show a message based on the provided parameters in a message bar. + /// + /// Main info. + /// Using MarkupString can introduce XSS vulnerabilities because it renders unencoded HTML. + /// Only use it with fully trusted, sanitized content. + /// Intent of the message + /// Section to show the message bar in + /// + public async Task ShowMessageBarAsync(MarkupString title, MessageIntent intent, string section) + { + return await ShowMessageBarAsync(options => + { + options.Title = title.Value; + options.UseMarkupString = true; + options.Intent = intent; + options.Section = section; + }); + } + /// /// Show a message based on the provided message options in a message bar. /// From 4ffe5da95cefac072312f92a4087a53032ed180d Mon Sep 17 00:00:00 2001 From: Denis Voituron Date: Fri, 19 Dec 2025 12:30:10 +0100 Subject: [PATCH 2/2] Update the MessageBar rendeing for MarkupString --- .../MessageBar/FluentMessageBar.razor | 38 +++++++++++++++++-- 1 file changed, 34 insertions(+), 4 deletions(-) diff --git a/src/Core/Components/MessageBar/FluentMessageBar.razor b/src/Core/Components/MessageBar/FluentMessageBar.razor index 5ab065a9c4..69bd5f8371 100644 --- a/src/Core/Components/MessageBar/FluentMessageBar.razor +++ b/src/Core/Components/MessageBar/FluentMessageBar.razor @@ -17,7 +17,16 @@
@if (!String.IsNullOrEmpty(Title)) { - @(Content?.UseMarkupString == true ? (MarkupString)Title : Title) + + @if (Content?.UseMarkupString == true) + { + @((MarkupString)Title) + } + else + { + @Title + } + } @if (ChildContent is not null) { @@ -25,7 +34,14 @@ } else { - @(Content?.UseMarkupString == true ? (MarkupString)Content!.Body! : Content!.Body) + @if (Content?.UseMarkupString == true) + { + @((MarkupString)Content!.Body!) + } + else + { + @(Content!.Body) + } } @if (Link is not null) { @@ -84,7 +100,14 @@ @if (!String.IsNullOrEmpty(Title)) {
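Review bot: The title branch in the `@@ -17,7 +17,16 @@` hunk keys on `Content?.UseMarkupString`, so a `Title` supplied without a `Content` message is always HTML-encoded from now on; the same holds for the title block in the `@@ -84,7 +100,14 @@` hunk. Encoding by default is the safer behaviour, but the code before this series cast every title to `MarkupString`, so existing titles that contain markup will start showing literal tags. If `Title` can be set directly on the component (its declaration is outside the hunk), that usage has no opt-in at all; either document the change as breaking or add a component-level parameter that mirrors `MessageOptions.UseMarkupString`.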
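Review bot: Both branches of the new `if` in the `@@ -25,7 +34,14 @@` hunk dereference `Content!` although the condition itself allows for a null `Content` through `Content?.UseMarkupString`; with a null `Content` the `else` branch evaluates `@(Content!.Body)` and throws. The null-forgiving operator was already present in the removed line, but the last hunk of this patch writes the encoded branch as `@Content?.Body`, and this one should match it: `@Content?.Body`. The enclosing `else` block starts above the hunk, so whether `Content` can actually be null here depends on code not shown.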
- @(Content?.UseMarkupString == true ? (MarkupString)(Title) : Title)
+ @if (Content?.UseMarkupString == true)
+ {
+ @((MarkupString)Title)
+ }
+ else
+ {
+ @Title
+ }
} @@ -105,7 +128,14 @@ @ChildContent @if (!String.IsNullOrEmpty(Content?.Body)) { - @(Content?.UseMarkupString == true ? (MarkupString)Content.Body : Content?.Body) + @if (Content?.UseMarkupString == true) + { + @((MarkupString)Content.Body) + } + else + { + @Content?.Body + } } @if (Link is not null) {
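Review bot: Nothing in either patch pins the encoded default that this `Content.Body` block now relies on: both diffstats list only the MessageBar source files, and no test file is touched. A component test that renders a message whose body contains an HTML tag with `UseMarkupString` left false, and asserts that the tag comes out HTML-encoded, would keep a later refactor from silently restoring the unconditional `(MarkupString)` cast. The mirror case with the flag set to true, checking that the markup is emitted as-is, belongs next to it so the opt-in stays deliberate.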