tags:

views:

52

answers:

2
+2  Q: 

Allow user to input HTML in asp.net MVC

How can I allow a user to input HTML into a particular field using ASP.net MVC.

I have a long form with many fields that get mapped to this complex object in the controller.

I would like to make one field (the description) allow HTML which I will preform my own sanitation on at a later point.

A: 

You can add [ValidateInput(false)] attribute to your controller action.

http://stephenwalther.com/blog/archive/2009/02/20/tip-48-ndash-disable-request-validation.aspx

I thought there was a way to easily disable it globally via web.config...

http://weblogs.asp.net/imranbaloch/archive/2010/06/08/handling-validateinputattribute-globally.aspx

dotjoe  2010-09-01 19:09:36
+4  A: 

Add the following attribute the action (post) in the controller that you want to allow HTML for:

[ValidateInput(false)]

Edit: As per Charlino comments:

In your web.config set the validation mode used. See MSDN:

<httpRuntime requestValidationMode="2.0" />
Kelsey  2010-09-01 19:11:11
If you are using .NET 4 you'll also have to set `<httpRuntime requestValidationMode="2.0" />` in your web.config file.
Charlino  2010-09-01 19:43:37
@Charlino good point... I will amend my answer to include that and some more information.
Kelsey  2010-09-01 19:44:55
but wont that preclude me from being able to use validation on the rest of my Model?I have a large model for this particular page not to mention all of the other models edited by this controllerI was hoping to rely heavily on the ModelState and declarative Validation through attributes
Rabbi  2010-09-02 01:47:51
@Rabbi it will remove all request validation for this action. It will not affect your model validation but all other fields will need to be checked and sanatized as well. You can't do it on a field by field level because the validation is happening at the point when the request is received which is way before the model is validated.
Kelsey  2010-09-02 03:41:36
Is there really no solution for .NET 4 that doesn't include downgrading the request validation mode?
bzlm  2010-09-02 06:46:13
@bzlm check out the MSDN link I posted... it doesn't need to be there but it is an option depending on the behaviour that they are after.
Kelsey  2010-09-02 07:06:12

related questions

Would you override ScriptControl or BaseValidator for an async ASP.NET validator control?
Handling HttpRequestValidationException gracefully and ASP.net AJAX compatible?
How to Dynamically Generate String Validation?
Validate email address in Javascript?
Data Validation Design Patterns
Strong Validation in WPF
How to evaluate an IP?
Validating a HUGE XML file
Validate (X)HTML in Python
ValidationRule To Enforce Unique Name
Checking if userinput is a valid URI in XUL
XML Parser Validation Report
Email SMTP validator
MVC - where to implement form validation (server-side)?
How do you remove invalid hexadecimal characters from an XML-based data source prior to constructing an XmlReader or XPathDocument that uses the data?
How to check set of files conform to a naming scheme
What's the best way to implement field validation using ASP.NET MVC?
How do I validate xml against a DTD file in Python
What's the best way to validate an XML file against an XSD file?
Problem databinding an ASP.Net AJAX toolkit MaskedEditExtender
Validating posted form data in the ASP.NET MVC framework
Best method for varchar date validation in Sybase (T-SQL)?
How important is W3C XHTML/CSS validation when finalizing work?
How far should one take e-mail address validation?
ASP .Net Custom Client-Side Validation