1

Whenever I enter anything in < angle brackets > (as well as some other html syntaxy things) into my TextBoxFor an exception is thrown 

@Html.TextBoxFor(model => model.tags, new { @class = "form-control", placeholder = "tags (comma separated)" })

A potentially dangerous Request.Form value was detected from the client (tags="").

I understand this occurs to prevent insecurities and that html encoding/decoding is the solution to my issue but I'm not sure how to implement it.

I've read in a few places that TextBoxFor does html encoding by default, but if that's true why am I having this issue?

Improve this question

1 Answer 1

Reset to default
2

To prevent this warning your have to put the [AllowHtml()] attribute on the tags property of your viewmodel.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.