I am creating an ASP.NET MVC 4 application which includes a <textarea>
inside of a form. This <textarea>
has been replaced with TinyMCE 4.x and it functions well on the client-side.
However, since this is a WYSIWYG editor, it obviously generated HTML. When the form is submitted to the server, I get this error from ASP.NET:
A potentially dangerous Request.Form value was detected from the client
(Description="<p>Test</p>").
Description: ASP.NET has detected data in the request that is potentially
dangerous because it might include HTML markup or script. The data might
represent an attempt to compromise the security of your application, such
as a cross-site scripting attack. If this type of input is appropriate in your
application, you can include code in a web page to explicitly allow it.
Exception Details: System.Web.HttpRequestValidationException: A potentially
dangerous Request.Form value was detected from the client
(Description="<p>Test</p>").
Source Error:
An unhandled exception was generated during the execution of the current web
request. Information regarding the origin and location of the exception can be
identified using the exception stack trace below.
I would like to turn off HTML validation for this particular element, and no where else. I am not sure how I can do this.
Could someone please direct me?
Thank you for your time.
Use AllowHtml
attribute to disable request validation for only specific property:
[AllowHtml]
public string YourProperty { get; set; }
You can find detailed explanation here: Request Validation in ASP.NET
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With