AllowHtmlAttribute Class
Allows a request to include HTML markup during model binding by skipping request validation for the property. (It is strongly recommended that your application explicitly check all models where you disable request validation in order to prevent script exploits.)
Inheritance Hierarchy
System.Object
System.Attribute
System.Web.Mvc.AllowHtmlAttribute
Namespace: System.Web.Mvc
Assembly: System.Web.Mvc (in System.Web.Mvc.dll)
Syntax
'Declaration
<AttributeUsageAttribute(AttributeTargets.Property, AllowMultiple := False, _
Inherited := True)> _
Public NotInheritable Class AllowHtmlAttribute _
Inherits Attribute _
Implements IMetadataAware
'Usage
Dim instance As AllowHtmlAttribute
[AttributeUsageAttribute(AttributeTargets.Property, AllowMultiple = false,
Inherited = true)]
public sealed class AllowHtmlAttribute : Attribute,
IMetadataAware
[AttributeUsageAttribute(AttributeTargets::Property, AllowMultiple = false,
Inherited = true)]
public ref class AllowHtmlAttribute sealed : public Attribute,
IMetadataAware
public final class AllowHtmlAttribute extends Attribute implements IMetadataAware
The AllowHtmlAttribute type exposes the following members.
Constructors
| Name | Description | |
|---|---|---|
.jpeg "Public method") |
AllowHtmlAttribute | Initializes a new instance of the AllowHtmlAttribute class. |
Top
Properties
| Name | Description | |
|---|---|---|
.jpeg "Public property") |
TypeId | (Inherited from Attribute.) |
Top
Methods
| Name | Description | |
|---|---|---|
|
Equals | (Inherited from Attribute.) |
.jpeg "Protected method") |
Finalize | (Inherited from Object.) |
|
GetHashCode | (Inherited from Attribute.) |
|
GetType | (Inherited from Object.) |
|
IsDefaultAttribute | (Inherited from Attribute.) |
|
Match | (Inherited from Attribute.) |
|
MemberwiseClone | (Inherited from Object.) |
|
OnMetadataCreated | This method supports the ASP.NET MVC validation infrastructure and is not intended to be used directly from your code. |
|
ToString | (Inherited from Object.) |
Top
Explicit Interface Implementations
| Name | Description | |
|---|---|---|
.jpeg "Explicit interface implemetation") .jpeg "Private method") |
_Attribute.GetIDsOfNames | (Inherited from Attribute.) |
|
_Attribute.GetTypeInfo | (Inherited from Attribute.) |
|
_Attribute.GetTypeInfoCount | (Inherited from Attribute.) |
|
_Attribute.Invoke | (Inherited from Attribute.) |
Top
Remarks
By default, the ASP.NET MVC framework checks requests during model binding to determine whether they contain potentially dangerous content as HTML markup. If HTML is detected, model binding throws an error.
If a property is marked with the AllowHtmlAttribute attribute, the ASP.NET MVC framework skips validation for that property during model binding. For more information, see the entry Granular Request Validation in ASP.NET MVC on Marcin Dobosz's blog.
Warning
Allowing HTML input is a potential security threat. For more information, see Script Exploits Overview.
Thread Safety
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.