Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ASP.NET MVC 4 and WYSIWYG Editor Validation

I am creating an ASP.NET MVC 4 application which includes a <textarea> inside of a form. This <textarea> has been replaced with TinyMCE 4.x and it functions well on the client-side.

However, since this is a WYSIWYG editor, it obviously generated HTML. When the form is submitted to the server, I get this error from ASP.NET:

A potentially dangerous Request.Form value was detected from the client 
(Description="<p>Test</p>").

Description: ASP.NET has detected data in the request that is potentially
dangerous because it might include HTML markup or script. The data might
represent an attempt to compromise the security of your application, such 
as a cross-site scripting attack. If this type of input is appropriate in your
application, you can include code in a web page to explicitly allow it.

Exception Details: System.Web.HttpRequestValidationException: A potentially
dangerous Request.Form value was detected from the client
(Description="<p>Test</p>").

Source Error: 

An unhandled exception was generated during the execution of the current web
request. Information regarding the origin and location of the exception can be
identified using the exception stack trace below.

I would like to turn off HTML validation for this particular element, and no where else. I am not sure how I can do this.

Could someone please direct me?

Thank you for your time.

like image 941
Oliver Spryn Avatar asked May 06 '14 21:05

Oliver Spryn


1 Answers

Use AllowHtml attribute to disable request validation for only specific property:

[AllowHtml]
public string YourProperty { get; set; }

You can find detailed explanation here: Request Validation in ASP.NET

like image 130
Selman Genç Avatar answered Oct 16 '22 14:10

Selman Genç