Using MVC, EF 4.2. I am working on an application that has a comment section. Right now, if a user enters a comment that contains HTML, e.g.
<b>text</b>
and hits submit, I get the message
“A potentially dangerous Request.Form value was detected…”
- How do I handle HTML on the way into the DB? Should I just strip the HTML? Or encode it? I tried Server.HtmlEncode on the text, but I still got the same error message.
I have read a number of posts on the matter, including some here at SO – this one and this one.
Ideally, I’d like to be able to allow a limited number of HTML tags such as em, strong, a. Would Anti-XSS, HTML Agility, some kind of BB code, or a markdown-style editor still be the recommended way? I know Jeff has a whitelist bit of code; however, it is a few years old.
you can do
or you can decorate the model property with AllowHtml
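An added example, not code from the question or the answer: a view model that applies [AllowHtml] to the comment field only, plus a whitelist sanitizer built on HtmlAgilityPack (named in the question) that keeps em, strong and a, encodes all other text, and accepts only http/https links. The class, property and tag-set names are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using HtmlAgilityPack;

public class CommentViewModel
{
    // Request validation runs before the action executes, which is why encoding
    // inside the action cannot stop the error. [AllowHtml] lifts it for this field only.
    [AllowHtml]
    public string Body { get; set; }
}

public static class CommentSanitizer
{
    // Constructed whitelist: any other element is unwrapped and its text kept.
    static readonly HashSet<string> AllowedTags =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "em", "strong", "a" };
    // Elements whose content is dropped outright rather than unwrapped.
    static readonly HashSet<string> DroppedTags =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "script", "style" };

    public static string Sanitize(string untrustedHtml)
    {
        var doc = new HtmlDocument();
        doc.LoadHtml(untrustedHtml ?? string.Empty);
        Clean(doc.DocumentNode);
        return doc.DocumentNode.InnerHtml; // store this; render later with Html.Raw
    }

    static void Clean(HtmlNode parent)
    {
        foreach (var node in parent.ChildNodes.ToList()) // snapshot: the tree is mutated
        {
            if (node.NodeType == HtmlNodeType.Comment) { node.Remove(); continue; }
            if (node.NodeType == HtmlNodeType.Text)
            {   // Normalise entities, then re-encode so a stray '<' or '&' never becomes markup.
                ((HtmlTextNode)node).Text = HttpUtility.HtmlEncode(HtmlEntity.DeEntitize(node.InnerText));
                continue;
            }
            if (DroppedTags.Contains(node.Name)) { node.Remove(); continue; }
            Clean(node); // children first, so anything unwrapped below is already clean
            if (!AllowedTags.Contains(node.Name)) { parent.RemoveChild(node, true); continue; }
            string href = node.GetAttributeValue("href", null);
            node.Attributes.RemoveAll(); // drops style, onclick, target and every other attribute
            Uri uri;
            if (string.Equals(node.Name, "a", StringComparison.OrdinalIgnoreCase) && href != null
                && Uri.TryCreate(HtmlEntity.DeEntitize(href), UriKind.Absolute, out uri)
                && (uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps))
            {
                node.SetAttributeValue("href", uri.AbsoluteUri); // javascript:, data: etc. are rejected
                node.SetAttributeValue("rel", "nofollow");
            }
        }
    }
}
```

Call CommentSanitizer.Sanitize(model.Body) in the POST action before saving, and keep request validation enabled for every other field.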