Allow User to input HTML in ASP.NET MVC - ValidateInput or AllowHtml

validation asp.net-mvc validate-request

How can I allow a user to input HTML into a particular field using ASP.net MVC.

I have a long form with many fields that get mapped to this complex object in the controller.

I would like to make one field (the description) allow HTML which I will preform my own sanitation on at a later point.


Add the following attribute the action (post) in the controller that you want to allow HTML for:

[ValidateInput(false)]

Edit: As per Charlino comments:

In your web.config set the validation mode used. See MSDN:

<httpRuntime requestValidationMode="2.0" />

Edit Sept 2014: As per sprinter252 comments:

You should now use the [AllowHtml] attribute. See below from MSDN:

For ASP.NET MVC 3 applications, when you need to post HTML back to your model, don’t use ValidateInput(false) to turn off Request Validation. Simply add [AllowHtml] to your model property, like so:

public class BlogEntry {
    public int UserId {get;set;}
    [AllowHtml] 
    public string BlogText {get;set;}
 }

What about [AllowHtml] attribute above property?

Related

Call static method with reflection
How to connect to database from Unity
Get destination address of a received UDP packet
When an interrupt occurs, what happens to instructions in the pipeline?
Accessing Asp.net controls using jquery (all options)
Accessing arrays by index[array] in C and C++
MATLAB, Filling in the area between two sets of data, lines in one figure
Why does MySQL report a syntax error on FULL OUTER JOIN?
How do I edit a CSS variable using JS?
Environment variables in Eclipse
How to add/remove a class in JavaScript?
Is it possible to format an HTML tooltip (title attribute)? [duplicate]