I'm using MVC 3 and Razor.
I have a page where you can create a Vendor. On the front-end, a vendor's page has 3 things: A name, a description (HTML), and multiple tabs that contain HTML. My client wants the tabs to be dynamic, they want to be able to add/edit/delete tabs and content when they add a vendor.
So here's my database design:
Vendors
-------------------
VendorID (PK)
Name
Description
VendorTabs
-------------------
VendorTabID (PK)
VendorID (FK)
Title
Content
Here's my view model:
public class VendorViewModel
{
[ScaffoldColumn(false)]
public int VendorId { get; set; }
public string Name { get; set; }
[AllowHtml]
public string Description { get; set; }
}
And my controller post method:
[HttpPost]
public ActionResult Create(VendorViewModel viewModel, string[] tabTitles, string[] tabContent)
{
var vendor = new Vendor();
vendor.Name = viewModel.Name;
vendor.Description = viewModel.Description;
if (ModelState.IsValid)
{
for (int i = 0; i < tabTitles.Length; i++)
{
vendor.VendorTabs.Add(new VendorTab
{
VendorID = vendor.VendorID,
Title = tabTitles[i],
Content = tabContent[0]
});
}
_vendorsRepository.SaveVendor(vendor);
return RedirectToAction("Index");
}
return View(viewModel); // validation error, so redisplay same view
}
In my view, I have functionality to dynamically add/remove fields for a tab title and a tab description. They are passed to the controller through the arrays tabTitles
and tabContent
. But when I post the form with HTML in the dynamic tab content, I get the following error:
A potentially dangerous Request.Form value was detected from the client
I ran into this problem before, with the Description field for my Vendor. After some research, I saw that I can add the AllowHtml
annotation.
How can I apply the same functionality to my dynamic content?