ValidateInput Attribute in MVC

ValidateInput Attribute in ASP.NET MVC Application

In this article, I am going to discuss the ValidateInput attribute in ASP.NET MVC applications. Please read our previous article, where we discussed how to create a custom OutputCache attribute in an MVC application. The ValidateInput attribute is used to enable or disable request validation. By default, request validation is enabled in ASP.NET MVC, and sending HTML content or code to the server is blocked to guard against XSS (Cross-Site Scripting) attacks. The ValidateInput attribute is used to allow such content to be sent to the server.

Let’s understand this with an example. 

Step 1: Create an ASP.NET MVC 5 application using the Empty template. Open Visual Studio and create a New Project. Select File => New => Project


After clicking on the “Project” link, a new dialog will pop up. Select Web templates from the left pane. Only one project template, “ASP.NET Web Application”, is listed, so select that.


After selecting this project template, name the project “validateInputinMVC” and click the OK button. A new dialog named “New ASP.NET Project” will pop up for selecting project templates.


In this dialog, choose the Empty project template and tick the MVC checkbox under “Add folders and core references for”. It will take some time to create the project. Once the project is created, let us look at the folder structure.


Step 2: Add a HomeController.

Right-click on the Controllers folder and select Controller, which will open a pop-up for adding the controller.


Select MVC 5 Controller – Empty and click Add, which will open a new pop-up for providing the controller name.


Provide the controller name as Home and click the Add button, which will add HomeController. Then copy and paste the code below into HomeController.

using System.Web.Mvc;

public class HomeController : Controller
{
    // GET: renders the comment form
    public ActionResult Index()
    {
        return View();
    }

    // POST: echoes the submitted comment back to the browser
    [HttpPost]
    public string Index(string comments)
    {
        return "Your Comments: " + comments;
    }
}

Step 3: Add Index.cshtml view.

Right-click on the Index action method and select Add View, which will open a pop-up.


Then click on the Add button which will create the Index.cshtml view. Copy and paste the following code.

@{
    ViewBag.Title = "Index";
    Layout = null;
}
<div style="font-family: Arial">
    @using (Html.BeginForm())
    {
        <b>Comments:</b> 
        <br/>
        @Html.TextArea("comments")
        <br/>
        <br/>
        <input type="submit" value="submit"/>
    }
</div>

Step 4: Run the application and navigate to /Home/Index. Type the text <b>Welcome</b> in the “Comments” textbox and click “Submit” as shown below.

Notice that we get an error.

This is because, by default, request validation is turned on in ASP.NET MVC and does not allow you to submit any HTML, in order to prevent XSS (cross-site scripting) attacks.

However, in some cases, we may want the user to be able to submit HTML tags like <b>, <u>, etc. For this to happen, we need to turn off request validation by decorating the action method with the ValidateInput attribute, as shown below.

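using System.Web.Mvc;

namespace validateInputinMVC.Controllers
{
    public class HomeController : Controller
    {
        // GET: renders the comment form
        public ActionResult Index()
        {
            return View();
        }

        // POST: request validation is turned off for this action only,
        // so HTML in the posted form values is accepted
        [HttpPost]
        [ValidateInput(false)]
        public string Index(string comments)
        {
            return "Your Comments: " + comments;
        }
    }
}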

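At this point, we should be able to submit comments with HTML tags in them. Note that [ValidateInput(false)] turns off request validation for the whole action, so every tag in the input, not only <b> and <u>, now reaches this method, which returns it to the browser without encoding.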

In the next article, I am going to discuss the RequireHttps Attribute in MVC Application. In this article, I have tried to explain the ValidateInput Attribute in an ASP.NET MVC application step by step with a simple example. I hope this article will help you with your needs. I would like to have your feedback. Please post your feedback, questions, or comments about this article.
