Year End Sale: Get Upto 40% OFF on Live Training! Offer Ending in
D
H
M
S
 Get Now
  1. Home
  2. Tutorials
  3. Mvc
  4. Html Submission By Valida..
Html submission by ValidateInput and AllowHtml attribute in MVC4

Html submission by ValidateInput and AllowHtml attribute in MVC4

27 Mar 2024
Intermediate
29.2K Views
5 min read
Learn with an interactive course and practical hands-on labs

ASP.NET MVC with Web API Foundations Course - Free

 ValidateInput and AllowHtml attribute :An Overview

Sometimes, you're required to save HTML data in the database. By default, Asp.Net MVC doesn't allow a user to submit HTML to avoid a cross site Scripting attack on your application. In this MVC Tutorial, we will explore more about HTML submission by ValidateInput and AllowHtml attribute in MVC4 which will include validate input vs allow HTML, the difference between validate input and allow HTML, Allow HTML input in a textarea, handling HTML tags in mvc razor. Consider our ASP.NET MVC Course for a better understanding of all MVC core concepts.

Html submission by ValidateInput and AllowHtml attribute

Suppose you have the below form and you can submit the HTML in the description text area.

If you do this and try to submit it you will get the error as shown in fig.

However, if you want to do this, you can achieve it by using ValidateInput attributes and AllowHtml attributes.

ValidateInput Attribute

This is the simple way to allow the submission of HTML. This attribute can enable or disable input validation at the controller level or at any action method.

ValidateInput at Controller Level


[ValidateInput(false)]
public class HomeController : Controller
{
 public ActionResult AddArticle()
 {
 return View();
 }
 
 [HttpPost]
 public ActionResult AddArticle(BlogModel blog)
 {
 if (ModelState.IsValid)
 {
 
 }
 return View();
 }
}

Now, the user can submit HTML for this Controller successfully.

ValidateInput at the Action Method Level



public class HomeController : Controller
{
 public ActionResult AddArticle()
 {
 return View();
 }
 
 [ValidateInput(false)]
 [HttpPost]
 public ActionResult AddArticle(BlogModel blog)
 {
 if (ModelState.IsValid)
 {
 
 }
 return View();
 }
}

Now, the user can submit HTML for this action method successfully.

Limitation of ValidateInput attribute

This attribute also has an issue since this allows the HTML input for all the properties and that is unsafe. Since you have enabled HTML input for only one or two properties then how to do this? To allow HTML input for a single property, you should use AllowHtml attribute.

AllowHtml Attribute

This is the best way to allow the submission of HTML for a particular property. This attribute will be added to the property of a model to bypass input validation for that property only. This explicit declaration is more secure than the ValidateInput attribute.

using System.ComponentModel.DataAnnotations;
using System.Web.Mvc;

public class BlogModel
{
 [Required]
 [Display(Name = "Title")]
 public string Title { get; set; }

 [AllowHtml]
 [Required]
 [Display(Name = "Description")]
 public string Description{ get; set; }
}

Make sure, you have removed the ValidateInput attribute from Controller or Action method. Now, the user can submit HTML only for the Description property successfully.

The difference between validateInput and allowHTML

The difference between validateInput and allowHTML
Conclusion

So in this article, we have learned about the difference between validate input and allow HTML in MVC4. I hope you enjoyed learning these concepts while programming with Asp.Net. Feel free to ask any questions from your side. Your valuable feedback or comments about this article are always welcome. Level up your career in MVC with our ASP.Net Core Certification

Share Article
Similar Articles
Previous Tutorial
ViewData vs ViewBag vs TempData vs Session
Next Tutorial
Different Ways of Rendering Layouts in Asp.Net MVC
About Author
Author image View Profile
Shailendra Chauhan (Microsoft MVP, Founder & CEO at ScholarHat)
Shailendra Chauhan, Founder and CEO of ScholarHat by DotNetTricks, is a renowned expert in System Design, Software Architecture, Azure Cloud, .NET, Angular, React, Node.js, Microservices, DevOps, and Cross-Platform Mobile App Development. His skill set extends into emerging fields like Data Science, Python, Azure AI/ML, and Generative AI, making him a well-rounded expert who bridges traditional development frameworks with cutting-edge advancements. Recognized as a Microsoft Most Valuable Professional (MVP) for an impressive 9 consecutive years (2016–2024), he has consistently demonstrated excellence in delivering impactful solutions and inspiring learners.

Shailendra’s unique, hands-on training programs and bestselling books have empowered thousands of professionals to excel in their careers and crack tough interviews. A visionary leader, he continues to revolutionize technology education with his innovative approach.
Our Courses
.NET Solution Architect Certification Training
.NET Solution Architect Certification Training
The .NET Solution Architect Certification Training Course is a comprehensive program designed to equip professionals with the skills and knowledge necessary to excel in the role of a .NET solution architect.
View More
ASP.NET Core Certification Training
ASP.NET Core Certification Training
Master ASP.NET Core with our comprehensive online course. Learn from industry experts and earn your .NET Core certification!
View More
Advanced Full-Stack .NET Developer Certification Training
Advanced Full-Stack .NET Developer Certification Training
Master the latest techniques in .NET development, from advanced back-end technologies to cutting-edge front-end frameworks. Gain hands-on experience in building robust and scalable applications, and elevate your skills with in-depth sessions.
View More

We use cookies to make interactions with our websites and services easy and meaningful. Please read our Privacy Policy for more details.

Accept cookies & close this