All geek questions in one place

Invalid AllowHtml attribute

I have a model with this property:

[AllowHtml] [DisplayName("Widget for Table")] [StringLength(1000, ErrorMessage = "Maximum chars 1000")] [DataType(DataType.Html)] public object TableWidget { get; set; }

And here are the creation methods in the controller:

  // // GET: /Admin/Table/Create public ActionResult Create(int id) { Season season = _seasonRepository.GetSeason(id); var table = new Table { SeasonId = season.SeasonId }; return View(table); } // // POST: /Admin/Table/Create [HttpPost] public ActionResult Create(Table a) { if (ModelState.IsValid) { _tableRepository.Add(a); _tableRepository.Save(); return RedirectToAction("Details", "Season", new { id = a.SeasonId }); } return View(); }

And the last one here is my opinion:

 @model Stridh.Data.Models.Table @using (Html.BeginForm()) { @Html.ValidationSummary(true) <fieldset> <legend>Fields</legend> <div class="editor-label"> @Html.LabelFor(model => model.Name) </div> <div class="editor-field"> @Html.EditorFor(model => model.Name) @Html.ValidationMessageFor(model => model.Name) </div> <div class="editor-label"> @Html.LabelFor(model => model.TableURL) </div> <div class="editor-field"> @Html.EditorFor(model => model.TableURL) @Html.ValidationMessageFor(model => model.TableURL) </div> <div class="editor-label"> @Html.LabelFor(model => model.SortOrder) </div> <div class="editor-field"> @Html.EditorFor(model => model.SortOrder) @Html.ValidationMessageFor(model => model.SortOrder) </div> <div class="editor-label"> @Html.LabelFor(model => model.TableWidget) </div> <div class="editor-field"> @Html.EditorFor(model => model.TableWidget) @Html.ValidationMessageFor(model => model.TableWidget) </div> <div class="editor-label invisible"> @Html.LabelFor(model => model.SeasonId) </div> <div class="editor-field invisible"> @Html.EditorFor(model => model.SeasonId) </div> <p> <input type="submit" value="Create" /> </p> </fieldset> }

When I add a "normal" message without html, everything will be kept in order, but when it is saved, the "potentially dangerous Request.Form ...

Another weird thing: I got this [AllowHtml] to work in another model class. I cannot find why this is causing me trouble. I need your help.: -)

+4
source share
4 answers

The way to use AllowHtml should work. Make sure that you do not get access to the HttpRequest.Form collection anywhere else in your code (controller, filter, etc.), as this will lead to validation of the ASP.NET request and the error you see. If you need access to this variable, you must access it through the following code.

 using System.Web.Helpers; HttpRequestBase request = .. // the request object request.Unvalidated().Form;
+15
source

I get the same problem and I solve it with this message .

If you are in .net 4.0 make sure you add this to your web.config

 <httpRuntime requestValidationMode="2.0" />

Inside the <system.web> tags

+4
source

I also had this problem. I could not get the model property marked [AllowHtml] to actually allow HTML, and instead ran into the same error you are describing. My solution turned out to mark the Controller action, which takes a published model with the [ValidateInput(false)] attribute.

+1
source

I had the same problem. My model class is called "GeneralContent" and has the "Content" property. In my action method, I used the attribute as follows:

public update of ActionResult (GeneralContent content)

when I renamed the content argument to cnt, everything works fine. I think MVC is confused when some attributes of the model class have the same name as the argument in the action method.

+1
source

Source: https://habr.com/ru/post/1337934/

More articles:


All Articles