Reputation: 113
Hi all, I am implementing a program to download emails and save them to a database. I am binding the content to a WebGrid, and on row click I am opening a view to show the mail content. Everything works fine, but when the content has HTML tags I get a web page error, as attached. Can someone help me? This is my code inside the controller:
public JsonResult GetMessageDetails(string bodyContent)
{
    ViewBag.bodyContent = bodyContent;
    return Json(bodyContent, JsonRequestBehavior.AllowGet);
}
Upvotes: 0
Views: 39
Reputation: 218942
This is a security feature in MVC to prevent cross-site scripting attacks.
How does cross-site scripting work?
Imagine you are reading some HTML input and rendering it in your page without encoding, like
@Html.Raw(Model.SomePropertyWhichHasHtmlContent)
Now, instead of posting an answer, what if I posted this
"<script>alert('Bazinga!'); window.location.href='http://www.mywebsite.com';</script>"
When you try to render this HTML content in your page using the Html.Raw() method, the user will be redirected to www.mywebsite.com after seeing the alert.
Now, in your case, if you trust the input coming to this method, know how to always encode the content when redisplaying it in a page, and want to override this behavior, you may decorate your action method with the ValidateInput attribute with the value false:
[ValidateInput(false)]
public JsonResult GetMessageDetails(string bodyContent)
{
    ViewBag.bodyContent = bodyContent;
    return Json(bodyContent, JsonRequestBehavior.AllowGet);
}
Upvotes: 3
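An added example, not code from the question or the answer: one way to pair the override with the "always encode when redisplaying" condition the answer states. The class names MessageDetailsRequest and MailController and the use of POST are assumptions; [AllowHtml] is the per-property form of the same override in System.Web.Mvc, and it leaves request validation on for every other field.

```csharp
using System.Net;
using System.Web.Mvc;

// Hypothetical view model. [AllowHtml] lifts request validation for this one
// property only, instead of [ValidateInput(false)] for the whole action.
public class MessageDetailsRequest
{
    [AllowHtml]
    public string BodyContent { get; set; }
}

// Hypothetical controller name.
public class MailController : Controller
{
    [HttpPost]
    public JsonResult GetMessageDetails(MessageDetailsRequest request)
    {
        // The mail body is untrusted: it comes from whoever sent the email.
        string raw = (request != null ? request.BodyContent : null) ?? string.Empty;

        // Encode at output time. "<script>" becomes "&lt;script&gt;", so the
        // browser displays the markup as text instead of executing it.
        string encoded = WebUtility.HtmlEncode(raw);

        return Json(new { body = encoded });
    }
}
```

In a Razor view the same effect comes from writing @Model.BodyContent, which encodes by default, rather than @Html.Raw(Model.BodyContent).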