ValueProviderCollection not Respecting AllowHtml attribute

Question

I'm working on a WYSIWYG editor in a website. The editor in question is nicEdit.

I'm having some troubles with my mvc model throwing an "A potentially dangerous Request.Form value was detected" exception.

I attempted to solve this by putting an AllowHtml attribute on my Content property:

[AllowHtml]
public string Contents { get; set; }

The exception is being thrown in this code:

public static string GetStringValue(this IValueProvider provider, string key)
{
    return provider.getValue(key);
}

The particular provider in instantiated at run time is the built in ValueProviderCollection, containing a System.Web.Mvc.FormValueProvider, which my reading here suggests should respect the AllowHtml attribute.

So, what am I doing wrong here?

Edit: So my Senior has clued me in to the fact that the class I'm working in is an extension of IValueProvider (which is apparently what the "this IValueProvider provider" means).

Not sure if that should make a difference to things, but I thought I'd mention it for completion's sake.

Answer 1

After reading an excellent blog post on the topic, I've implemented my solution. It ended up being fairly simple.

I provided a similar method to the existing one:

public static string GetStringValue(this IUnvalidatedValueProvider provider, string key, performValidation)
{
    return provider.getValue(key, !performValidation).AttemptedValue;
}

In the calling code, for the particular property that I didn't want validated, I made the following call:

var content = (provider as IUnvalidatedProvider).GetValue(key, false);