asp.net core did not implement html filtering on parameters, so [AllowHtml] is not required, nor does it have any effect.
What is the equivalent of AllowHtml in .Net 6 (CORE) ?
Hi,
What is the equivalent code to it in Asp.net MVC Core 6.
public class ContentVM
{
public int Id { get; set; }
[Required(ErrorMessage = "Please Enter Content")]
[DisplayName("Rich Text")]
[AllowHtml]
public string Content { get; set; }
}
I just changed it as follow
public class ContentVM
{
public int Id { get; set; }
[Required(ErrorMessage = "Please Enter Content")]
[DisplayName("Rich Text")]
[DisplayFormat(HtmlEncode = true)]
public string Content { get; set; }
}
Is it fine now or Do I need to change something more ?
2 additional answers
Sort by: Most helpful
-
Xinran Shen - MSFT 2,091 Reputation points
2022-07-22T02:00:21.187+00:00 You don't need
[AllowHtml]
inAsp .Net Core
any more, You can just use asp-for to bind it in HTML .Here is a document about
Prevent Cross-Site Scripting (XSS) in ASP.NET Core
. Hope it can help you.-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.Best regards,
Xinran Shen -
Mark B 0 Reputation points
2024-07-01T16:44:14.8333333+00:00 I am trying to POST a JSON object and one of the properties is Text that could include HTML from a TextArea. using MVVM to POST to Controller...No errors, but Property is NULL on the server...Do I have to do something client OR server side to allow it through? If I just post regular string, using MVVM, it works fine. Thanks.