Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

AllowHtmlAttribute Class

 

Allows a request to include HTML markup during model binding by skipping request validation for the property. (It is strongly recommended that your application explicitly check all models where you disable request validation in order to prevent script exploits.)

Namespace:   System.Web.Mvc
Assembly:  System.Web.Mvc (in System.Web.Mvc.dll)

System.Object
  System.Attribute
    System.Web.Mvc.AllowHtmlAttribute

[AttributeUsageAttribute(AttributeTargets.Property, AllowMultiple = false, 
	Inherited = true)]
public sealed class AllowHtmlAttribute : Attribute, IMetadataAware

NameDescription
System_CAPS_pubmethodAllowHtmlAttribute()

Initializes a new instance of the AllowHtmlAttribute class.

NameDescription
System_CAPS_pubpropertyTypeId

(Inherited from Attribute.)

NameDescription
System_CAPS_pubmethodEquals(Object)

(Inherited from Attribute.)

System_CAPS_pubmethodGetHashCode()

(Inherited from Attribute.)

System_CAPS_pubmethodGetType()

(Inherited from Object.)

System_CAPS_pubmethodIsDefaultAttribute()

(Inherited from Attribute.)

System_CAPS_pubmethodMatch(Object)

(Inherited from Attribute.)

System_CAPS_pubmethodOnMetadataCreated(ModelMetadata)

This method supports the ASP.NET MVC validation infrastructure and is not intended to be used directly from your code.

System_CAPS_pubmethodToString()

(Inherited from Object.)

By default, the ASP.NET MVC framework checks requests during model binding to determine whether they contain potentially dangerous content as HTML markup. If HTML is detected, model binding throws an error.

If a property is marked with the AllowHtmlAttribute attribute, the ASP.NET MVC framework skips validation for that property during model binding. For more information, see the entry Granular Request Validation in ASP.NET MVC on Marcin Dobosz's blog.

System_CAPS_warningWarning

Allowing HTML input is a potential security threat. For more information, see .

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Return to top
Show:
© 2015 Microsoft