Contents tagged with ValidateInput

  • ASP.NET MVC Accepting HTML Input from View

    ASP.NET, MVC, Razor, HTML, ValidateInput

    By default, ASP.NET will not allow any HTML or JavaScript tags to be entered as text for an input field. It will throw an error stating:

    "A potentially dangerous Request.Form value was detected from the client..."

    This is a built-in security mechanism to prevent Cross-Site Scripting (XSS) or other forms of injection attacks. However for my blog, I needed to be able to accept HTML tags for the blog posts, so I did some research and found two primary ways around this problem.

    [ValidateInput( …

    Read more 

  • 1