Hello Hyewon,
This behavior is a validation feature enabled in ASP.NET MVC by default. HTML input for certain Actions or ViewModel properties could be allowed by:
- Setting [AllowHtml] attribute on a ViewModel property allows HTML input for this property only. This is the recommended way to enable HTML input:
[Required]
[DisplayName("Product name")]
[AllowHtml]
[Remote("IsProductName_Available", "Validation")]
public string ProductName
{
get;
set;
}- Setting [ValidateInput(false)] attribute on an Action will disable the validation on the whole Action:
[AcceptVerbs(HttpVerbs.Post)]
[ValidateInput(false)]
public ActionResult EditingInline_Update([DataSourceRequest] DataSourceRequest request, ProductViewModel product)
{
if (product != null && ModelState.IsValid)
{
productService.Update(product);
}
return Json(new[]{product}.ToDataSourceResult(request,ModelState));
}Further read can be found at the following link: https://www.codeproject.com/Articles/995931/Preventing-XSS-Attacks-in-ASP-NET-MVC-using-Valida
If there is anything else, we could help with, please contact us back.
Regards,
Nikolay
Progress Telerik
Get
quickly onboarded and successful with your Telerik and/or Kendo UI products with the Virtual Classroom free technical training, available to all active customers.
Learn More.