MVC4 AllowHtml does not work with the dictionary <string, string>

Question

MVC4 AllowHtml does not work with the dictionary <string, string>

I have this class in a C # MVC4 project:

public class SaveModel { .... [AllowHtml] public string BodyHtml { get; set; } [AllowHtml] public Dictionary<string, string> AdditionalTemplate { get; set; } }

Controller actions that look something like this.

 public ActionResult SaveTemplate(SaveModel model) { .... }

BodyHtml is working fine, but for some reason AllowHtml is not working in the dictionary, and I get an error similar to this:

 A potentially dangerous Request.Form value was detected from the client (additionalTemplate[0].value="<tr>..."

Is there any way around it except disabling validation for the entire request by putting [ValidateInput (false)] on my action?

 [ValidateInput(false)] public ActionResult SaveTemplate(SaveModel model) { .... }

+4

c # asp.net-mvc-4 model-binding

Henrik Stenbæk Jul 31 '13 at 19:27

source share

1 answer

Vladimir Shmidt · Answer 1 · 2016-09-19T13:39:22+0000

As a quick workaround, you can create your own type to collect key values where there are two properties. The Value property can be marked as AllowHtml as:

  public List<MyCustomItem> AdditionalTemplate { get; set; }

blabla

 class MyCustomItem { public string Key { get; set; } [AllowHtml] public string Value { get; set; } }

MVC4 AllowHtml does not work with the dictionary <string, string>

More articles: