This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 91%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Hi,
What is the equivalent code to it in Asp.net MVC Core 6.
public class ContentVM
{
public int Id { get; set; }
[Required(ErrorMessage = "Please Enter Content")]
[DisplayName("Rich Text")]
[AllowHtml]
public string Content { get; set; }
}
I just changed it as follow
public class ContentVM
{
public int Id { get; set; }
[Required(ErrorMessage = "Please Enter Content")]
[DisplayName("Rich Text")]
[DisplayFormat(HtmlEncode = true)]
public string Content { get; set; }
}
Is it fine now or Do I need to change something more ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
asp.net core did not implement html filtering on parameters, so [AllowHtml] is not required, nor does it have any effect.
Thank you @Bruce (SqlWork.com) .
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 41%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXS%3C/text%3E%3C/svg%3E)
You don't need [AllowHtml] in Asp .Net Core any more, You can just use asp-for to bind it in HTML .
Here is a document about Prevent Cross-Site Scripting (XSS) in ASP.NET Core. Hope it can help you.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Best regards,
Xinran Shen
Thank You @Xinran Shen - MSFT
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 50%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMB%3C/text%3E%3C/svg%3E)
I am trying to POST a JSON object and one of the properties is Text that could include HTML from a TextArea. using MVVM to POST to Controller...No errors, but Property is NULL on the server...Do I have to do something client OR server side to allow it through? If I just post regular string, using MVVM, it works fine. Thanks.