Html submission by AllowHtml attribute in MVC4
ASP.NET MVC does not allow HTML submission by default due to Cross Site Scripting attack in application. AllowHtml Attribute can be used for submitting the form with HTML content.
AllowHtml attribute
AllowHtml attribute allows submission of Html value for a particular property instead of enabling Html value for all properties. AllowHtml attribute is added to model property as a result the input validation for that particular property only will be bypassed. The AllowHtml declaration explicitly provides more security to the application than ValidateInput attribute.
Example of declaring AllowHtml attribute for a particular property in model :-
Declaring a model in ASP.NET Mvc :-
using System.ComponentModel.DataAnnotations;
using System.Web.Mvc;
public class StudentModel
{
[Required]
[Display(Name = "Student Name")]
public string Name { get; set; }
[AllowHtml]
[Required]
[Display(Name = "Description")]
public string Description{ get; set; }
}
In above example, the user will now able to submit the form with Html content only in Description property. Thus AllowHtml attribute allows Html content submission for a property instead of all properties making the application safer.
0 Comment(s)