Model attributes to ignore validation of html entities

Question

I want to input html in the database and also display it back as html. I wrote my view model like this:

public class TemplateVM
{
    [HiddenInput(DisplayValue = false)]
    public int TemplateId { get; set; }
    public string Name { get; set; }
    public string Content { get; set; }
}

the property Content should be able to accept html. How can I do this? Right now, it throws the error of:

A potentially dangerous Request.Form value was detected from the client (Content="<p>test</p>").

I'm aware of using this on the action, but I dont want it to apply to every property.:

[ValidateInput(false)]

score 4 · Accepted Answer · answered Aug 05 '11 at 07:01

Instead of using ValidateInput attribute on entire model, I suggest you use AllowHtml attribute on Content property:

public class TemplateVM
{
    [HiddenInput(DisplayValue = false)]
    public int TemplateId { get; set; }
    public string Name { get; set; }
    [AllowHtml]
    public string Content { get; set; }
}

This attribute is only applied for Content property, while other properties are still validated.

score 3 · Answer 2 · answered Aug 04 '11 at 18:59

3

Put [ValidateInput(false)] on top of TemplateVM. It will apply to all properties.

answered Aug 04 '11 at 18:59

Jakub Konecki

45,581
7
87
126

Model attributes to ignore validation of html entities

2 Answers2