Reputation: 18620
In asp.net mvc 1.0 it is possible to add a [ValidateInput(false)]
attribute to an ActionResult
. Is it possible to allow some HTML (<p>,<a>) and disallow other HTML tags (<script>)? How would I do this?
Upvotes: 1
Views: 703
Reputation: 1833
Create your own attribute similar to "ValidateInput,"
See here for Custom Attributes:
http://msdn.microsoft.com/en-us/library/dd410056.aspx
It's just a class that inherits from the Attribute base class. You'd create a method within the class that would use regular expressions (www.regular-expressions.info) to detect the "bad" tags -- the input is the content of the page, run the expression, if there's a match, then throw an error, or return the error code, whatever you choose.
Upvotes: 1
Reputation: 3434
You could create your own attribute similar to "ValidateInput" the would check the input and allow custom tags.
Have a look at this for help Custom Attributes
Upvotes: 2