0

I have a field in my view, called Comments and every time I include the < in before any other character(letters, etc) in the 'input', the action controller is not being called, I think is because is not being able to parse correctly to string,

This is how the property in my class is declared:

 [Display(Name = "Comments"), DataType(DataType.MultilineText)]
 public string my_comments { get; set; }

It works fine when I enter any word, for example:

dog, [email protected], >asa?

But if I try something like:

<[email protected]>, <p, <asa>, asasd<f

the action is not being called and I think is because this is not being able to parse the input to an string...

If I include the < character at the end, no problem it pass.., for example:

ddd<

I'm using JQuery in my view:

  $("#btnSubmit").click(function () {  
 $.ajax({
                type: 'post',
                url: $("#btnSubmit").data("url"),
                data: $("#formEd").serialize(),              
                success: function (result) {
....
}})
})

Html:

 <div class="form-group">
        <div class="control-label col-md-2">Comments</div>
        <div class="col-md-5">
            @Html.EditorFor(model => model.my_comments , new { htmlAttributes = new { @class = "form-control" } })
            @Html.ValidationMessageFor(model => model.my_comments , "", new { @class = "text-danger" })
        </div>
    </div>

And my action controller:

[HTTPPost]
public ActionResult MyAction(MyClass parameter) // where MyClass contains the my_comments property...
Improve this question

1 Answer 1

Reset to default
1

You can add an attribute to disable the input validation, but you have to make sure you are certain you want to allow html. 

[ValidateInput(false)]
[HTTPPost]
public ActionResult MyAction(MyClass parameter)

you can also add the attribute to your variable to allow have html. 

 [Display(Name = "Comments"), DataType(DataType.MultilineText)]
 [AllowHtml]
 public string my_comments { get; set; }
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

It worked, I will select your answer as soon as the required minutes to select it goes, one question: why the input validation doesn't allow the < character before any other character in this case?
because it think it might be html or script, and for security reasons does not allow it to be sent in post.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.