I have a requirement to validate user input in a text box. Whenever an HTML tag is entered, it should display the same view with a friendly error message like "Cannot enter htm
You could use the [AllowHtml] attribute:

    [AllowHtml]
    [RegularExpression(@"^[^<>]*$", ErrorMessage = "You have entered html... Html is not a valid input!")]
    public string SomePropertyThatShouldNotAcceptHtml { get; set; }

Obviously, before storing in the database you should ensure that the contents are safe:

    [HttpPost]
    public ActionResult Save(MyViewModel model)
    {
        if (!ModelState.IsValid)
        {
            // the model is invalid => redisplay view
            return View(model);
        }
        // the model passed validation => store in the database
        ...
        return RedirectToAction("Success");
    }

And if you are afraid of XSS you could use the AntiXSS library which will filter out all the dangerous scripts from the HTML. You could even write a custom model binder which will perform this step and automatically assign only a safe HTML value to the property.
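
The following is an added example, not part of the original answer: a console program that runs the answer's `^[^<>]*$` pattern through DataAnnotations validation on constructed inputs and prints each value HTML-encoded for output. The `Program` class, the `IsValid` helper and the sample strings are assumptions made for illustration, and `[AllowHtml]` is omitted because it requires System.Web.Mvc.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Net;

// View model reusing the answer's pattern and error message.
public class MyViewModel
{
    [RegularExpression(@"^[^<>]*$", ErrorMessage = "You have entered html... Html is not a valid input!")]
    public string SomePropertyThatShouldNotAcceptHtml { get; set; }
}

public static class Program
{
    // Hypothetical helper: evaluates the DataAnnotations attributes on the model,
    // as MVC does when it populates ModelState, and returns the first error.
    public static bool IsValid(string input, out string error)
    {
        var model = new MyViewModel { SomePropertyThatShouldNotAcceptHtml = input };
        var results = new List<ValidationResult>();
        bool ok = Validator.TryValidateObject(
            model, new ValidationContext(model, null, null), results, true);
        error = ok ? null : results[0].ErrorMessage;
        return ok;
    }

    public static void Main()
    {
        // Constructed sample inputs.
        string[] samples =
        {
            "plain text",       // no angle brackets
            "<b>bold</b>",      // literal tag
            "1 < 2",            // lone bracket, not a tag
            "&lt;script&gt;",   // entity-encoded, no literal brackets
            ""                  // empty value
        };

        foreach (var s in samples)
        {
            string error;
            bool ok = IsValid(s, out error);
            // Encode when writing the value back out, whatever validation decided.
            Console.WriteLine("{0,-18} valid={1,-5} encoded={2} {3}",
                "\"" + s + "\"", ok, WebUtility.HtmlEncode(s), error);
        }
    }
}
```

The pattern refuses any literal `<` or `>`, so `1 < 2` fails along with real tags, while entity-encoded text and the empty string pass; `RegularExpressionAttribute` treats null and empty values as valid, so add `[Required]` if an empty field must be rejected.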