Post HTML encoded Form data to server

Question

I'm currently using MVC 3 (WebForm view engine) and have a form that shows user comments.

If I have a comment which has an ampersand (&), <%= Html.Textbox() %> will encode it as &. However, if the form is then posted to the server, ASP.NET kicks in thinking that the submitted content is malicious.

I find myself having to use HTML decoding methods using JavaScript before the content is sent to the server.

I am able to get the results that I want, but I feel like I'm not doing this right.

Any suggestions?

score 0 · Answer 1 · answered Oct 30 '12 at 23:55

0

You can use special attribute to allow safe html tags to be posted by using AllowHtml attribute , you will define your model/viewmodel as following

public class Comment
{

       public int Id{get; set;}

       [AllowHtml] // Allow safe html tags
       public string Comment {get; set;}   
}

answered Oct 30 '12 at 23:55

Nadeem Khedr

5,273
3
30
37

Unfortunately, I do not have access to modify the model. – Andy T Oct 31 '12 at 00:00
you could use `[ValidateInput(false)]` on the controller but thats risky becvause it will allow everything and wont validate it – Nadeem Khedr Oct 31 '12 at 00:20
1

or lastly what you did , is encoding the result before sending it to the server – Nadeem Khedr Oct 31 '12 at 00:22

Post HTML encoded Form data to server

1 Answers1