Reputation: 3055
Is it possible to handle the error
A potentially dangerous Request.Form value was detected from the client (Model.Title="<p>some text</p>").
system-wide? Answers in this question suggest adding some validation on each attribute. I don't want to do that. Is it possible to redirect the user back to the form with an error message telling them they entered invalid input?
Edit: To clarify, I don't want to accept the HTML, I just want to show the user a friendly error message (like the ones for the validation of attributes).
Edit2: I know I can add attributes to my properties to allow HTML or disable the validation. Since there are a lot of forms, I don't want to pollute all my properties with [AllowHtml] or disable the validation (because I need validation). I'm looking for a way to intercept the MVC flow and catch this error when it gets triggered.
Upvotes: 1
Views: 1929
Reputation: 930
Option 1
[ValidateInput(false)]
Add this to your action; this will disable the HTML check for all fields.
Option 2
[AllowHtml]
Add this to the property you want to allow HTML on. This will only allow that property to contain HTML, not the others. But if your action is like
public ActionResult Index(FormCollection form)
option 2 will not work; you must use
public ActionResult Index(ModelXXX model)
because this will use the model binder, and FormCollection does not.
Upvotes: 0
Reputation: 630
If you don't want to accept the HTML, I think the only way is to allow the HTML to be submitted, and then check for the presence of any HTML tags server-side. If found, you would then return your user to the form with code like this:
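// Inside the controller action; "input" is the submitted value being checked.
if (input.Contains("<")) {
    // Model errors are added through the controller's ModelState.
    ModelState.AddModelError("HTML_FOUND", "There is HTML in your input. Please remove the HTML before trying to submit again");
    return View();
}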
It's probably possible to implement this system-wide by using a Filter https://msdn.microsoft.com/en-us/library/gg416513%28VS.98%29.aspx
Upvotes: 1
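One way to do what the question asks with the filter idea from the last answer, as an added example that is not code from any of the posts: a global exception filter that leaves request validation switched on and turns the resulting HttpRequestValidationException into an ordinary model error. The class name RequestValidationErrorFilter and the message text are made up for illustration, and the sketch assumes each form view renders a validation summary and tolerates a null model, because binding never completed.

```csharp
using System.Web;
using System.Web.Mvc;

// Hypothetical name. Request validation itself is untouched:
// no [AllowHtml] and no [ValidateInput(false)] anywhere.
public class RequestValidationErrorFilter : FilterAttribute, IExceptionFilter
{
    public void OnException(ExceptionContext filterContext)
    {
        // Yield to any filter that has already dealt with the exception.
        if (filterContext.ExceptionHandled)
            return;

        // Only the "potentially dangerous Request.Form value" case is handled here;
        // every other exception keeps flowing to the normal error handling.
        if (!(filterContext.Exception is HttpRequestValidationException))
            return;

        var controller = filterContext.Controller;

        // Model-level error (empty key), shown by @Html.ValidationSummary().
        // The rejected value is deliberately not echoed back to the page.
        controller.ViewData.ModelState.AddModelError(
            string.Empty,
            "Your input contains characters that are not allowed (for example HTML tags). " +
            "Please remove them and submit again.");

        // With no ViewName set, MVC renders the view named after the current action,
        // i.e. the form that was just posted.
        filterContext.Result = new ViewResult
        {
            ViewData = controller.ViewData,
            TempData = controller.TempData
        };
        filterContext.ExceptionHandled = true;
    }
}

// Registered once (typically in App_Start/FilterConfig.cs) so it applies to every controller.
public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new RequestValidationErrorFilter());
        filters.Add(new HandleErrorAttribute());
    }
}
```

The rejected input never reaches the action, so views still need their usual output encoding; this filter only changes how the rejection is reported to the user.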