[RESOLVED]Allowing html to be passed in a form html editor textarea

There readers. I have a form that has a html editor box just like our message box on this forum. I tried allowing html to be passed to my action method. But from all that I read on stack over flow. I was told to add this [ValidateInput(false)]  to my action
method. Add this [AllowHtml] to my model variable and also alter the config file to disable validation for pages.

Unfortunately I dont want this approach cos for me the security implication is seriously high disabling validation. Here comes my question is there a way I allow validation for my form and accept html for one of the field of my form ?

I tried writing a custom ValidationInput that would tell asp.net to accept html for one of the form field and filter the html but I dont know how to write this.

Please I need help, thanks alot.

You don’t need to alter your web.config and disable validation for your entire site. Just using the [AllowHtml] attribute on your model property will allow this to work.  You don’t need the [ValidateInput] attribute either with this approach.

Thanks alot. I just tried it now. When I dont enter a value into my form and I submit I get the following error

Server Error in '/' Application.

A potentially dangerous Request.Form value was detected from the client (Description="<p><br></p>").

I would post my model below so you see what I have done

.....................

   [Display(Name = "Description")]
        [Required(ErrorMessage="Enter Event Description")]
        [AllowHtml]  //This is going to enable html values to be passed into the form
        public string Description { get; set; }


........................

Then the decorations that I did to my controller is pasted below

        [HttpPost]
        [ValidateAntiForgeryToken]
        [CaptchaMvc.Attributes.CaptchaVerify("Captcha is not valid")] //This is for the captcha key        
        public ActionResult CreateEvent(EventModel model)
        {


.............................

What do you think would be responsible for the error. I am using the  <link href="~/Content/summernote.css" rel="stylesheet" />

summernote    Html Editor plugin for WYSIWYG Editor.

Thanks for you response

There are obviously a few ways to handle this.

Turning off validation using the [ValidateInput(false)] method will work, but it’s highly recommended. An easier approach would be to decorate the property that your HTML content will bind to with the

[AllowHtml] attribute
.

Let’s say for example you have the following element that will be activated as a "rich text box" and allow HTML content through jQuery (or Javascript) :

@Html.TextBoxFor(m => m.Content, new { @class = "rich-text-box" })

You’ll just need to decorate the same property that this will bind to on your model :

public class YourModel
{
     [AllowHtml]
     public string Content { get; set; }
 
     // Omitted for brevity
}

The [AllowHtml] attribute will only allow HTML content to be passed along to your Content field in this case. Any other properties that you want to pass in HTML will need to be decorated with it.

Dear Rion,

    Thanks for you reply. I did that in my code. If you look at my post above you would realise this.   Or could it be the plugin that I am using for my HTML Editor.

I just remove the plugin and I tried using a normal textarea box. Believe me it still the same error that I am getting. I dont know what to do.

Dear Rion, This is really strange. I tried this in another of my project and it worked. The current project that is not working on contains Areas. I am working in a particular area cos the project is very large.

I dont even have a clue to what could be stoping it from working.

Please any idea. I know you very experienced

Finally I got the problem it is my capcha module. As soon as I disabled it. It worked perfertly well. After 2 hours of relentless debuging. 

Thanks alot.

Leave a Reply