MVC4 AllowHtml not working with Dictionary

Question

I'm having this class in a C# MVC4 project:

public class SaveModel
{
    ....

    [AllowHtml]
    public string BodyHtml { get; set; }
    [AllowHtml]
    public Dictionary<string, string> AdditionalTemplate { get; set; }
}

An a controller actions looking something like this

public ActionResult SaveTemplate(SaveModel model)
{  
    ....
}

the BodyHtml is working fine but for some reason AllowHtml does not work on the Dictionary, and i'm getting an error like this:

A potentially dangerous Request.Form value was detected from 
the client (additionalTemplate[0].value="<tr>..."

Is there any way to get get around it, except from disable validation for the entire request by putting [ValidateInput(false)] on my action?

[ValidateInput(false)]
public ActionResult SaveTemplate(SaveModel model)
{  
    ....
}

Vladimir Shmidt · Accepted Answer

As fast workaround you can create your own type for key value collection where would be two properties. Value property could be marked as AllowHtml like:

    public List<MyCustomItem> AdditionalTemplate { get; set; }

blabla

class MyCustomItem
    {
      public string Key { get; set; }
      [AllowHtml]
      public string Value { get; set; }
    }

MVC4 AllowHtml not working with Dictionary<string, string>

Tags:

c#

asp.net-mvc-4

model-binding

Henrik Stenbæk

1 Answers

Vladimir Shmidt

Recent Activity

Donate For Us