Updated on Kisan Patel
This tutorial will show you how to mark a form to not validate the input data for any HTML or script data submission in ASP.NET MVC.
To mark an action method that accepts HTML or scripts data as well, we can decorate that with [ValidateInput(false)]
attribute.
[HttpPost] [ValidateInput(false)] public ActionResult Index(Form form) { var data = form["txt"]; return Content(data); }
Notice the above ValidateInput attribute in the action method.
View :
<h2>Index</h2> @using (Html.BeginForm()) { <textarea id="txt" name="txt" rows="10" cols="50"></textarea> <input type="submit" value="Submit" /> }
The above form will accepts HTML and other script data too apart from normal data.
If we remove the [ValidateInput(false)] attribute from the above action method and submit the same above form,
it throws error (A potential dangerous Request.Form
value was detected).