jao
jao

Reputation: 18620

How to allow some html tags and disallow others?

In asp.net mvc 1.0 it is possible to add a [ValidateInput(false)] attribute to an ActionResult. Is it possible to allow some HTML (<p>,<a>) and disallow other HTML tags (<script>)? How would I do this?

Upvotes: 1

Views: 703

Answers (2)

Pete Michaud
Pete Michaud

Reputation: 1833

Create your own attribute similar to "ValidateInput,"

See here for Custom Attributes:

http://msdn.microsoft.com/en-us/library/dd410056.aspx

It's just a class that inherits from the Attribute base class. You'd create a method within the class that would use regular expressions (www.regular-expressions.info) to detect the "bad" tags -- the input is the content of the page, run the expression, if there's a match, then throw an error, or return the error code, whatever you choose.

Upvotes: 1

TWith2Sugars
TWith2Sugars

Reputation: 3434

You could create your own attribute similar to "ValidateInput" the would check the input and allow custom tags.

Have a look at this for help Custom Attributes

Upvotes: 2

Related Questions