Validate Input in ASP.Net MVC

When you develop an app, sometimes your requirements could be you want to send HTML values (for example <h2>Hello World</h2>) from the view to the controller. Sometimes we use HTML Editors, to save some info into the database. By default ASP.NET MVC doesn't allow a user to submit the HTML content.

So let's see how to submit your form with HTML content.

  1. Open Visual Studio then select "New Project" then select "ASP.NET MVC 4 Application".

    New Project

  2. Provide a project name then click "OK".
  3. Select "Internet Application" then click "OK"

    Internet Application

  4. Create a New Model.

    ValidateModel.cs
    1. using System;  
    2. using System.Collections.Generic;  
    3. using System.Linq;  
    4. using System.Web;  
    5. using System.Web.Mvc;  
    6. namespace ValidateInputDemo.Models  
    7. {  
    8.     public class ValidateModel  
    9.     {  
    10.         public string description { getset; }  
    11.     }  
    12. }
  5. Add a new method to your Controller.

    HomeController.cs

    1. public ActionResult ValidateInput()  
    2. {  
    3.     return View();  
    4. }  
    5. [HttpPost]  
    6. public ActionResult  ValidateInput(string description)  
    7. {  
    8.     ValidateModel validateInputModel = new ValidateModel();  
    9.     validateInputModel.description = description;  
    10.     return View(validateInputModel);  
    11. }  

     

    ValidateInput.cshtml

    1. @model ValidateInputDemo.Models.ValidateModel  
    2. @{  
    3.        ViewBag.Title = "ValidateInput";  
    4. }  
    5. @using (@Html.BeginForm("ValidateInput","Home", FormMethod.Post, new { @id = "form1", @enctype = "multipart/form-data" }))  
    6. {  
    7.     <label id="lblDescription">Description</label>  
    8.      @Html.TextAreaFor(m=>m.description, new {@id="txtDescription",@name="description" })  
    9.     <input type="submit" id="bttn_Submit" />  
    10. }  

You can see in the code above, there is a text area and a submit button, have a look in the browser. Press F5.

Code in Browser view

You can see in the preceding screen, if you type something into the description and press Submit then nothing happens.

Now check the following example. Add HTML content into text area.

Add html content into text area

Now press the "Submit" button.

Error message

You will get the error above. This error comes because this is the security from ASP.NET MVC. For applications, a user cannot send HTML values to the controller, but sometimes we want to send values to the controller.

For resolving this issue we have the ValidateInput(false) attribute.

Just put this into your controller and have a look.

  1. [HttpPost]  
  2. [ValidateInput(false)]  
  3. public ActionResult  ValidateInput(string description)  
  4. {  
  5.    ValidateModel validateInputModel = new ValidateModel();  
  6.    validateInputModel.description = description;  
  7.    return View(validateInputModel);  
  8. }

Now press F5. After filling in the HTML attribute press the submit button, you will never get an error. So when you want to work with HTML attributes in your app text area or textboxes, don't forget to use validateinpute(false) in your ActionMethod.


Similar Articles