Login for your services
Digital Diary My Tasks Bookmarks My Q/As
AXARROW HIGHLIGHTS
In the ASP.NET MVC Form, I need to take HTML as input field. What is the safe way to achive the same.
Recent Articles
ARTICLES BY TAGS
All Tags
Analytics
ASP.NET
Bigdata
Cloud
CNC
Data Center
Enterprise
IoT
IVR
JQuery
Machine Learning
MVC
Responsive
Security
Self Development
Software Architecture
SQL-Server
SS7
Telecom
Web-RTC
TECHNOLOGY QUESTION -DETAILS WITH ANSWERS: (1)
TECHNOLOGY FORUM - QUESTION
View Software Development | Architecture | Techno-Commercial | Developer Personality | Programming
How to allow Html as input in ASP.NET MVC Form
In the ASP.NET MVC Form, I need to take HTML as input field. What is the safe way to achive the same.
Question ID:000033 Submitted by: Surinder Kumar on 7/13/2017 Associated Tags:
Answered By Answer - ID: 00039
Atul Negi On: 7/14/2017
Answer For taking HTML as input in the ASP.NET MVC Form, you need to be careful about the possible misuse of the input opportunity that user gets. When you allow open HTML, the standard framework does not apply input validation techniques, and as such you need to carry out validations yourself. There may be chances of cross-site scripting or any other malicious code being inducted into the program. So if you really want HTML as input, you need to carry out following steps apart from extra validation.

In the model, include required library: -
using System.Web.Mvc;

And in the variable definition Model file, decorate the input Variable with AllowHtml tag: - 
 
[AllowHtml] 
public string AnswerDetail { get; set; }


Note:In the database-first approach, you need to ensure that library and AllowHtml tags are there, even after you refresh schema from the database.

Provide Your Answer