by

How to allow HTML content in ASP .NET MVC

Sometimes in web development, you need to provide an easy-to-use editor for non-technical users to input or change content where extra styling is required such as making text bold or italic.

However unless you use (or code yourself) an editor which uses some form of BBCode you’re going to come across the following error message if you’re using ASP .NET.

A potentially dangerous Request.Form value was detected from the client

 

I have seen various “fixes” to this suggested, the most frequent being turning off request validation entirely. While this will get your form working, it also lowers the security of your application since any text field will accept HTML content. This could be used to inject scripts or to deface your website, in either case this is bad news.

However in ASP .NET MVC you can specify the [AllowHtml] attribute above a property in your model to allow HTML content to be entered and maintain security in the rest of your application.