TECHNOLOGY QUESTION -DETAILS WITH ANSWERS: (1)
How to allow Html as input in ASP.NET MVC Form
In the ASP.NET MVC Form, I need to take HTML as input field. What is the safe way to achive the same.
Question ID:000033 Submitted by: Surinder Kumar on 7/13/2017 Associated Tags:
Answered By Answer - ID: 00039
Atul Negi On: 7/14/2017
Answer For taking HTML as input in the ASP.NET MVC Form, you need to be careful about the possible misuse of the input opportunity that user gets. When you allow open HTML, the standard framework does not apply input validation techniques, and as such you need to carry out validations yourself. There may be chances of cross-site scripting or any other malicious code being inducted into the program. So if you really want HTML as input, you need to carry out following steps apart from extra validation.

In the model, include required library: -
using System.Web.Mvc;

And in the variable definition Model file, decorate the input Variable with AllowHtml tag: -
 
[AllowHtml] 
public string AnswerDetail { get; set; }



Note:In the database-first approach, you need to ensure that library and AllowHtml tags are there, even after you refresh schema from the database.

Provide Your Answer