Reputation: 843
MVC 3 and Xml property data in your model
Does MVC 3 support Xml data? I have a model class with a field (call it 'MyCustomersXml'), and I want to stuff it into a hidden field. The issue I'm having is that I get a 500 error when the user clicks a submit button. If the field is null, nothing happens.
I know ASP.Net does some type of validation by default to prevent html style content in control values, so my question is does MVC 3 also share this behavior? If so, how do I bypass this behavior to allow Xml in the postback?
Upvotes: 2
Views: 688
Answers (2)
Reputation: 1880
Using the AllowHtml in MVC 3 will also expose you to a CSRF attack. To tighen your net and stop most CSRF attacks remember to use the AntiForgeryToken.
The following link contains a brief discussion and examples: http://www.bondigeek.com/blog/2011/09/03/simple-mvc3-ajax-feedback-form-with-antiforgerytoken-to-prevent-most-csrf-attacks/
Upvotes: 0
Reputation: 1038830
You could decorate this field with the [AllowHtml] attribute:
[AllowHtml]
public string MyCustomersXml { get; set; }
Now the ASP.NET framework will no longer throw an exception when you try to POST dangerous characters such as < and > in this field.
Upvotes: 6
Related Questions
- Serializing C# model into a xml data
- Serialize xml request in c# controller
- XmlElement Attribute being ignored by Microsoft.AspNet.Mvc.Formatters.Xml
- Is it possible to store model data as xml?
- ASP.Net MVC3- Returning Serialized XML object to calling view
- Properties with just a getter not serializing to XML
- asp.net MVC cannot view properties from class used to de-serialize XML
- ASP.NET MVC: C# custom serialize a list of objects to xml
- resource xml file
- How to set xmlns when serializing object in c#