Hi I have a MVC site and will have users inputting text to be

Question

0

Asked: May 16, 20262026-05-16T22:51:39+00:00 2026-05-16T22:51:39+00:00

Hi I have a MVC site and will have users inputting text to be

0

Hi I have a MVC site and will have users inputting text to be displayed on a web page.
I am trying to come up with a graceful way of handling any HTML that the user try’s to input – as you will probably be aware MVC 2 throws an error for any HTML in the text.

I use ViewModels and decorate my properties with filters from the DataAnotation class to validate my forms.

Anybody now of such a way?

Is there some crazy regex that will NOT match HTML but anything else or some other way?

I am open to any suggestions.

Thanks,

Simon

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-16T22:51:39+00:00

Editorial Team

2026-05-16T22:51:39+00:00Added an answer on May 16, 2026 at 10:51 pm

Adding the following attribute will stop the runtime from complaining:

[ValidateInput(false)]
public ActionResult SomeEvilAction ()
{
    /* ... */
}

Now it’s your task to HTML encode every input you display back on a page:

<%= HttpUtility.HtmlEncode (Model.Text) %>

or

<%: Model.Text %>

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Hi I have a MVC site and will have users inputting text to be

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply