Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

MVC4 AllowHtml not working with Dictionary<string, string>

I'm having this class in a C# MVC4 project:

public class SaveModel
{
    ....

    [AllowHtml]
    public string BodyHtml { get; set; }
    [AllowHtml]
    public Dictionary<string, string> AdditionalTemplate { get; set; }
}

An a controller actions looking something like this

public ActionResult SaveTemplate(SaveModel model)
{  
    ....
}

the BodyHtml is working fine but for some reason AllowHtml does not work on the Dictionary, and i'm getting an error like this:

A potentially dangerous Request.Form value was detected from 
the client (additionalTemplate[0].value="<tr>..."

Is there any way to get get around it, except from disable validation for the entire request by putting [ValidateInput(false)] on my action?

[ValidateInput(false)]
public ActionResult SaveTemplate(SaveModel model)
{  
    ....
}
like image 607
Henrik Stenbæk Avatar asked Nov 02 '22 17:11

Henrik Stenbæk


1 Answers

As fast workaround you can create your own type for key value collection where would be two properties. Value property could be marked as AllowHtml like:

    public List<MyCustomItem> AdditionalTemplate { get; set; }  

blabla

class MyCustomItem
    {
      public string Key { get; set; }
      [AllowHtml]
      public string Value { get; set; }
    }
like image 85
Vladimir Shmidt Avatar answered Nov 15 '22 07:11

Vladimir Shmidt