Allow User to Submit HTML or script Data in ASP.NET MVC

Updated on August 23, 2015 Kisan Patel

This tutorial will show you how to mark a form to not validate the input data for any HTML or script data submission in ASP.NET MVC.

To mark an action method that accepts HTML or scripts data as well, we can decorate that with [ValidateInput(false)] attribute.

[HttpPost]
[ValidateInput(false)]
public ActionResult Index(Form form)
{
    var data = form["txt"];
    return Content(data);
}

Notice the above ValidateInput attribute in the action method.

View :

<h2>Index</h2>
@using (Html.BeginForm())
{
    <textarea id="txt" name="txt" rows="10" cols="50"></textarea>
    <input type="submit" value="Submit" />
}

The above form will accepts HTML and other script data too apart from normal data.

If we remove the [ValidateInput(false)] attribute from the above action method and submit the same above form,
it throws error (A potential dangerous Request.Form value was detected).

ASP.NET MVC

« Previous

Allow User to Submit HTML or script Data in ASP.NET MVC

Leave a Reply Cancel reply

What is MVC?

What is ASP.NET MVC?

Using Entity Framework Code First Migrations in ASP.NET MVC

ASP.NET MVC – Make Action Method as Anonymous Methods in Secure Controller

Cache the Output of the Action Method in ASP.NET MVC