Export (0) Print
Expand All

AllowHtmlAttribute Class

Allows a request to include HTML markup during model binding by skipping request validation for the property. (It is strongly recommended that your application explicitly check all models where you disable request validation in order to prevent script exploits.)

System.Object
  System.Attribute
    System.Web.Mvc.AllowHtmlAttribute

Namespace:  System.Web.Mvc
Assembly:  System.Web.Mvc (in System.Web.Mvc.dll)

[AttributeUsageAttribute(AttributeTargets.Property, AllowMultiple = false, 
	Inherited = true)]
public sealed class AllowHtmlAttribute : Attribute, 
	IMetadataAware

The AllowHtmlAttribute type exposes the following members.

  NameDescription
Public methodAllowHtmlAttributeInitializes a new instance of the AllowHtmlAttribute class.
Top

  NameDescription
Public propertyTypeId (Inherited from Attribute.)
Top

  NameDescription
Public methodEquals (Inherited from Attribute.)
Public methodGetHashCode (Inherited from Attribute.)
Public methodGetType (Inherited from Object.)
Public methodIsDefaultAttribute (Inherited from Attribute.)
Public methodMatch (Inherited from Attribute.)
Public methodOnMetadataCreatedThis method supports the ASP.NET MVC validation infrastructure and is not intended to be used directly from your code.
Public methodToString (Inherited from Object.)
Top

By default, the ASP.NET MVC framework checks requests during model binding to determine whether they contain potentially dangerous content as HTML markup. If HTML is detected, model binding throws an error.

If a property is marked with the AllowHtmlAttribute attribute, the ASP.NET MVC framework skips validation for that property during model binding. For more information, see the entry Granular Request Validation in ASP.NET MVC on Marcin Dobosz's blog.

Caution noteCaution

Allowing HTML input is a potential security threat. For more information, see Script Exploits Overview.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Show:
© 2014 Microsoft