I'm using NicEdit to format text in my ASP.NET MVC project. When I save the text, I get this error:
A potentially dangerous Request.Form value was detected from the client (
Body="<font size="6">text
...").
I understand the risk of posting raw HTML, but is there a way to allow NicEdit to work without violating security rules?
Edit:
I put the attribute [ValidateInput(false)] on the actions and used Html.Raw() in the views. Not sure if this is the best solution to take!
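
Added example, not part of the original question: a narrower form of the workaround described in the edit, where only the Body property skips request validation via [AllowHtml] and the markup is reduced to an allowlist before it is stored or passed to Html.Raw(). It assumes the third-party HtmlSanitizer NuGet package (namespace Ganss.XSS, renamed Ganss.Xss in later releases); PostModel, RichText, PostsController, the "Details" view and the tag and attribute lists are hypothetical.

```csharp
using System.Web.Mvc;
using Ganss.XSS; // assumption: HtmlSanitizer NuGet package is referenced

public class PostModel // hypothetical model bound from the NicEdit form
{
    public string Title { get; set; } // still covered by request validation

    [AllowHtml] // only this property may carry markup
    public string Body { get; set; }
}

public static class RichText // hypothetical helper
{
    private static readonly HtmlSanitizer Sanitizer = Build();

    private static HtmlSanitizer Build()
    {
        var s = new HtmlSanitizer();
        // Replace the library defaults with the small set the editor needs.
        s.AllowedTags.Clear();
        foreach (var tag in new[] { "b", "i", "u", "font", "p", "br", "div", "ul", "ol", "li", "a" })
            s.AllowedTags.Add(tag);
        s.AllowedAttributes.Clear(); // no style, no on* handlers
        foreach (var attr in new[] { "size", "face", "color", "align", "href" })
            s.AllowedAttributes.Add(attr);
        s.AllowedSchemes.Clear(); // rejects javascript: and data: links
        s.AllowedSchemes.Add("http");
        s.AllowedSchemes.Add("https");
        return s;
    }

    public static string Clean(string html)
    {
        return Sanitizer.Sanitize(html ?? string.Empty);
    }
}

public class PostsController : Controller
{
    [HttpPost] // no [ValidateInput(false)]: [AllowHtml] scopes the exemption to Body
    public ActionResult Save(PostModel model)
    {
        model.Body = RichText.Clean(model.Body); // sanitize before storing
        // persist model here; the view renders it with @Html.Raw(Model.Body)
        return View("Details", model);
    }
}
```

With this in place, a submitted `<font size="6">text</font>` is kept, while `<script>` elements and event-handler attributes are removed before the value reaches the database or the view.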