In asp.net mvc 1.0 it is possible to add a [ValidateInput(false)] attribute to an ActionResult. Is it possible to allow some HTML (<p>,<a>) and disallow other HTML tags (<script>)? How would I do this?
views:
217answers:
2
+1
A:
You could create your own attribute similar to "ValidateInput" the would check the input and allow custom tags.
Have a look at this for help Custom Attributes
TWith2Sugars
2009-06-05 13:23:48
I thought it was possible using the default ValidateInput function. The signature says: ValidateInputAttribute.ValidateInputAttribute(bool enableValidation, <strong>Named Parameters...</strong>)
jao
2009-06-05 14:27:54
A:
Create your own attribute similar to "ValidateInput,"
See here for Custom Attributes:
http://msdn.microsoft.com/en-us/library/dd410056.aspx
It's just a class that inherits from the Attribute base class. You'd create a method within the class that would use regular expressions (www.regular-expressions.info) to detect the "bad" tags -- the input is the content of the page, run the expression, if there's a match, then throw an error, or return the error code, whatever you choose.
Pete Michaud
2009-06-05 13:40:30