Used Version Detail : Visual studio 2013, Version 4.5, MVC 5 This is the simple ValideInput controller and it will render the view as output. And in the form submission, it will redirect to GetDescription() action and bind the view. In default, ValidateInput attribute parameter is true (ValidateInput(true)). Here it is the view for getting the form data from the user, which contain one textbox and submit button inside the BeginForm. After user submission it will redirect to the GetDescription action method inside the dotnethelpers controller. As per below screen, we are entering a content with HTML elements. And once we click on the submit button, then it will throw the error as like below because, in default ASP.NET MVC prevents the HTML element as form data. In simple, ASP.NET MVC cannot send HTML values to the controller. This is not an issue, it is default security validation handling by the ASP.NET MVC. In some scenario we need to override this security by using the ValidateInput attribute to prevent HTML explicitly. In default, ValidateInput parameter is true (ValidateInput(true).
Run the application and apply the Html element as input (Ex : http://localhost:62536/dotnethelpers/ValideInput). Happy codding !!!Controller:
View:
Output :
Note:
Implementing ValidateInput attribute:
GetDescription View:
Now its redirect to the “GetDescription View” instead of throwing the potential error as shown below.
Make Note Before Use:
{
[AllowHtml]
public string userDescription { get; set; }
}
ValidateInput Attribute in ASP.NET MVC
In some scenario, we need to send HTML value/content as input to our application from the view to the controller. In some time we use HTML Editors to save the HTML content if the end user accept. By default, ASP.NET MVC framework prevents you from submitting the HTML content/potentially malicious content to the controller, for avoiding the cross site scripting attack. This feature is called request validation.
1
2
3
4
5
6
7
8
9
public ActionResult ValideInput()
{
return View();
}
public ActionResult GetDescription(FormCollection _inputDescription)
{
//your logic
return View();
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
<!DOCTYPE html>
<html>
<head>
<title>Index</title>
</head>
<body>
<div>
@{
using (Html.BeginForm("GetDescription", "dotnethelpers"))
{
<input type="txtDescription" name="description" /> <br />
<input type="submit" value="Submit Form" />
}
}
</div>
</body>
</html>
1
2
3
4
5
[/fusion_builder_column][fusion_builder_column type="1_1" background_position="left top" background_color="" border_size="" border_color="" border_style="solid" spacing="yes" background_image="" background_repeat="no-repeat" padding="" margin_top="0px" margin_bottom="0px" class="" id="" animation_type="" animation_speed="0.3" animation_direction="left" hide_on_mobile="no" center_content="no" min_height="none"][ValidateInput(false)]
public ActionResult GetDescription(FormCollection _inputDescription)
{
return View();
}
1
2
3
4
5
6
7
8
9
10
11
<html>
<head>
<meta name="viewport" content="width=device-width" />
<title>GetDescription</title>
</head>
<body>
<div>
<h1>GetDescription View : Making validation using ValidateInput(false) attribute</h1>
</div>
</body>
</html>
This site uses Akismet to reduce spam. Learn how your comment data is processed.
Leave A Comment