Reputation: 751
I want to block HTML tags. I'm passing HTML tags to an action and it is accepting them. I have used [ValidateInput(true)], but it's still accepting HTML. By default, validation is enabled, but in this case it is not working.
I'm using an ajax call to send data:
    $.ajax({
        method: "Post",
        url: "/Home/MyAction",
        contentType: 'application/json',
        data: JSON.stringify({ htm: "<span>abc</span>" }),
        success: function (d) {
            UnBlockUI();
            if ($.type(d) == "string")
                AccessDenied();
        },
        error: function (XMLHttpRequest, textStatus, errorThrown) {
            UnBlockUI();
            ErrorMessage("Something went wrong, please try again");
        }
    });
The code:
    [ValidateInput(true)]
    public ActionResult MyAction(string htm)
    {
        return View(htm);
    }
Any solution to get rid of this problem?
Thanks :)
Upvotes: 1
Views: 2301
Reputation: 751
@Biby Augustine is right.
Simply pass the object and it validates. Do not call JSON.stringify(), as it converts the object to valid JSON (a string), which is not validated by the ValidateInput annotation.
    $.ajax({
        method: "Post",
        url: "/Home/MyAction",
        data: dataObject,
        success: function (d) {
            UnBlockUI();
        },
        error: function (XMLHttpRequest, textStatus, errorThrown) {
            UnBlockUI();
            ErrorMessage("Something went wrong, please try again");
        }
    });
Upvotes: 2
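Added example, not code from either answer: a server-side check for the case described above, where a JSON body is not inspected by ValidateInput. The filter name RejectMarkup and its pattern are assumptions; it looks only at top-level string parameters and approximates the framework's heuristic rather than reusing it.

```csharp
using System.Net;
using System.Text.RegularExpressions;
using System.Web.Mvc;

// Hypothetical filter (the name is an assumption): rejects string action
// parameters that contain markup, whatever content type they were bound from.
public sealed class RejectMarkupAttribute : ActionFilterAttribute
{
    // Approximation of the request-validation heuristic:
    // "<" followed by a letter, "!", "/" or "?", or the sequence "&#".
    private static readonly Regex Markup =
        new Regex(@"<[A-Za-z!/?]|&#", RegexOptions.Compiled);

    public static bool LooksLikeMarkup(string value)
    {
        return !string.IsNullOrEmpty(value) && Markup.IsMatch(value);
    }

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // ActionParameters holds the values after model binding, so a value
        // bound from a JSON body is checked the same way as a form field.
        foreach (var parameter in filterContext.ActionParameters)
        {
            if (LooksLikeMarkup(parameter.Value as string))
            {
                // Short-circuit: the action body never runs.
                filterContext.Result = new HttpStatusCodeResult(
                    HttpStatusCode.BadRequest, "Markup is not allowed.");
                return;
            }
        }
    }
}

public class HomeController : Controller
{
    [HttpPost, RejectMarkup]
    public ActionResult MyAction(string htm)
    {
        // The cast selects the View(object model) overload; a bare string
        // argument would be treated as a view name. Razor HTML-encodes
        // @Model on output, so a value the filter misses renders as text.
        return View((object)htm);
    }
}
```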
Reputation: 425
ValidateInput validates whether there are any suspicious requests coming in on form submission.
Form submission means posting back the entire form by clicking a submit button.
For example:
HTML:
    <body>
        <form id="frmDemo" method="post" action="/Home/Demo">
            <input type="hidden" id="hdnText" name="hdnText" value="<span>Testing</span>"/>
            <button type="submit" form="frmDemo" value="Submit">Submit</button>
        </form>
    </body>
In the ActionResult:
    [HttpPost, ValidateInput(false)]
    public ActionResult Demo(FormCollection frm)
    {
        frm["hdnText"].ToString(); // this will give you the result
        return View();
    }
In case any HTML tag is encountered while posting, it will be blocked.
Upvotes: 1