AllowHtmlAttribute Class

 

Allows a request to include HTML markup during model binding by skipping request validation for the property. (It is strongly recommended that your application explicitly check all models where you disable request validation in order to prevent script exploits.)

Namespace:   System.Web.Mvc
Assembly:  System.Web.Mvc (in System.Web.Mvc.dll)

Inheritance Hierarchy

System.Object
  System.Attribute
    System.Web.Mvc.AllowHtmlAttribute

Syntax

[AttributeUsageAttribute(AttributeTargets.Property, AllowMultiple = false, 
    Inherited = true)]
public sealed class AllowHtmlAttribute : Attribute, IMetadataAware
[AttributeUsageAttribute(AttributeTargets::Property, AllowMultiple = false, 
    Inherited = true)]
public ref class AllowHtmlAttribute sealed : Attribute, IMetadataAware
[<Sealed>]
[<AttributeUsageAttribute(AttributeTargets.Property, AllowMultiple = false,
    Inherited = true)>]
type AllowHtmlAttribute = 
    class
        inherit Attribute
        interface IMetadataAware
    end
<AttributeUsageAttribute(AttributeTargets.Property, AllowMultiple := False,
    Inherited := True)>
Public NotInheritable Class AllowHtmlAttribute
    Inherits Attribute
    Implements IMetadataAware

Constructors

Name Description
System_CAPS_pubmethod AllowHtmlAttribute()

Initializes a new instance of the AllowHtmlAttribute class.

Properties

Name Description
System_CAPS_pubproperty TypeId

(Inherited from Attribute.)

Methods

Name Description
System_CAPS_pubmethod Equals(Object)

(Inherited from Attribute.)

System_CAPS_pubmethod GetHashCode()

(Inherited from Attribute.)

System_CAPS_pubmethod GetType()

(Inherited from Object.)

System_CAPS_pubmethod IsDefaultAttribute()

(Inherited from Attribute.)

System_CAPS_pubmethod Match(Object)

(Inherited from Attribute.)

System_CAPS_pubmethod OnMetadataCreated(ModelMetadata)

This method supports the ASP.NET MVC validation infrastructure and is not intended to be used directly from your code.

System_CAPS_pubmethod ToString()

(Inherited from Object.)

Explicit Interface Implementations

Name Description
System_CAPS_pubinterfaceSystem_CAPS_privmethod _Attribute.GetIDsOfNames(Guid, IntPtr, UInt32, UInt32, IntPtr)

(Inherited from Attribute.)

System_CAPS_pubinterfaceSystem_CAPS_privmethod _Attribute.GetTypeInfo(UInt32, UInt32, IntPtr)

(Inherited from Attribute.)

System_CAPS_pubinterfaceSystem_CAPS_privmethod _Attribute.GetTypeInfoCount(UInt32)

(Inherited from Attribute.)

System_CAPS_pubinterfaceSystem_CAPS_privmethod _Attribute.Invoke(UInt32, Guid, UInt32, Int16, IntPtr, IntPtr, IntPtr, IntPtr)

(Inherited from Attribute.)

Remarks

By default, the ASP.NET MVC framework checks requests during model binding to determine whether they contain potentially dangerous content as HTML markup. If HTML is detected, model binding throws an error.

If a property is marked with the AllowHtmlAttribute attribute, the ASP.NET MVC framework skips validation for that property during model binding. For more information, see the entry Granular Request Validation in ASP.NET MVC on Marcin Dobosz's blog.

System_CAPS_warningWarning

Allowing HTML input is a potential security threat. For more information, see .Unable to find linked topic '772c7312-211a-4eb3-8d6e-eec0aa1dcc07'.

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

See Also

System.Web.Mvc Namespace

Return to top