6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"How to allow some html tags and disallow others?\",\"text\":\"

In asp.net mvc 1.0 it is possible to add a [ValidateInput(false)] attribute to an ActionResult. Is it possible to allow some HTML (<p>,<a>) and disallow other HTML tags (<script>)? How would I do this?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"jao\"},\"upvoteCount\":1,\"answerCount\":2,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

You could create your own attribute similar to \\\"ValidateInput\\\" the would check the input and allow custom tags.

\\n\\n

Have a look at this for help Custom Attributes

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"TWith2Sugars\"},\"upvoteCount\":2}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","asp.net-mvc",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/asp.net-mvc/1","children":"asp.net-mvc"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/daDWd.jpg?s=256","alt":"jao","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/106866/jao","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"jao"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",18620]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"How to allow some html tags and disallow others?"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",1]}],["$","p",null,{"children":["Views: ",703]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",2,")"]}],[["$","div","955909",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/d99c896435be6c3ecb5f4786fabf3d51?s=256&d=identicon&r=PG","alt":"Pete Michaud","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/15915/pete-michaud","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Pete Michaud"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",1833]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

Create your own attribute similar to \"ValidateInput,\"

\n\n

See here for Custom Attributes:

\n\n

http://msdn.microsoft.com/en-us/library/dd410056.aspx

\n\n

It's just a class that inherits from the Attribute base class. You'd create a method within the class that would use regular expressions (www.regular-expressions.info) to detect the \"bad\" tags -- the input is the content of the page, run the expression, if there's a match, then throw an error, or return the error code, whatever you choose.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}],["$","div","955830",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/37582ec82863a9bf9483f6dd8ef70fe8?s=256&d=identicon&r=PG","alt":"TWith2Sugars","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/35389/twith2sugars","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"TWith2Sugars"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",3434]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

You could create your own attribute similar to \"ValidateInput\" the would check the input and allow custom tags.

\n\n

Have a look at this for help Custom Attributes

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",2]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","49907858",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/49907858","className":"text-blue-600 hover:underline","children":"How to whitelist html tags in Asp.net ValidationAttribute"}]}],["$","li","35082337",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/35082337","className":"text-blue-600 hover:underline","children":"How do I allow selective HTML input in my ASP.NET MVC application?"}]}],["$","li","19735214",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/19735214","className":"text-blue-600 hover:underline","children":"Allowing only certain HTML tags as user input"}]}],["$","li","24484785",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/24484785","className":"text-blue-600 hover:underline","children":"How to allow a text box accepting only specific HTML tags?"}]}],["$","li","21089772",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/21089772","className":"text-blue-600 hover:underline","children":"Allow using some html tags in MVC 4"}]}],["$","li","8781702",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/8781702","className":"text-blue-600 hover:underline","children":"how to restrict HTML elements while allowing others"}]}],["$","li","16751122",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/16751122","className":"text-blue-600 hover:underline","children":"Prevent html tags entries in mvc textbox using regular expression"}]}],["$","li","14952261",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/14952261","className":"text-blue-600 hover:underline","children":"Customize [AllowHtml] to allow specific html tags"}]}],["$","li","14356022",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/14356022","className":"text-blue-600 hover:underline","children":"Restrict malicious html but allow < or > symbols"}]}],["$","li","10040538",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/10040538","className":"text-blue-600 hover:underline","children":"Allow and Limit some HTML characters"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

How to allow some html tags and disallow others?

Answers (2)

Related Questions