Geek Answers Handbook

How to display html elements such as links in errors displayed via Html.ValidationSummary ()

One of my error messages displays a link. However, Html.ValidationSummary() encodes it, and therefore it displays the following:

An account already exists with your mobile phone or email. If you forgot your password, please href = "/ account / reset"> reset </ a> it.

Instead, it should look like:

An account already exists with your mobile phone or email. If you have forgotten your password, please reset.

The error is added to the ModelState internal view as follows:

 if (...) { ViewData.ModelState.AddModelError(string.Empty, string.Format("An account with the mobile or email you have specified already exists. If you have forgotten your password, please {0} it.", Html.ActionLink("Reset", "Reset"))); }

In short, how should I prevent Html.ValidationSummarry() selectively / fully encoding html in errors.

+3
source share
1 answer

Current HTML help for displaying error messages does not support this. However, you can write your own HTML helpers that display an error message without escaping HTML, i.e. Will treat the error message as raw HTML.

As a starting point, you can use the ASP.NET MVC source code from Codeplex, in particular the ValidationSummary method of the ValidationSummary class:

  public static string ValidationSummary(this HtmlHelper htmlHelper, string message, IDictionary<string, object> htmlAttributes) { // Nothing to do if there aren't any errors if (htmlHelper.ViewData.ModelState.IsValid) { return null; } string messageSpan; if (!String.IsNullOrEmpty(message)) { TagBuilder spanTag = new TagBuilder("span"); spanTag.MergeAttributes(htmlAttributes); spanTag.MergeAttribute("class", HtmlHelper.ValidationSummaryCssClassName); spanTag.SetInnerText(message); messageSpan = spanTag.ToString(TagRenderMode.Normal) + Environment.NewLine; } else { messageSpan = null; } StringBuilder htmlSummary = new StringBuilder(); TagBuilder unorderedList = new TagBuilder("ul"); unorderedList.MergeAttributes(htmlAttributes); unorderedList.MergeAttribute("class", HtmlHelper.ValidationSummaryCssClassName); foreach (ModelState modelState in htmlHelper.ViewData.ModelState.Values) { foreach (ModelError modelError in modelState.Errors) { string errorText = GetUserErrorMessageOrDefault(htmlHelper.ViewContext.HttpContext, modelError, null /* modelState */); if (!String.IsNullOrEmpty(errorText)) { TagBuilder listItem = new TagBuilder("li"); listItem.SetInnerText(errorText); htmlSummary.AppendLine(listItem.ToString(TagRenderMode.Normal)); } } } unorderedList.InnerHtml = htmlSummary.ToString(); return messageSpan + unorderedList.ToString(TagRenderMode.Normal); }

You can then modify this method to treat the error message as raw HTML.

Two warnings:

  • You change the value of certain properties of the ModelState class. While you are avoiding using your own HTML helpers, a future version of ASP.NET MVC may introduce changes that no longer work with this approach.

  • Be very careful not to use error messages that have not been properly shielded, so you will not expose your web application to XSS attacks. Some standard validation annotations may not work because they do not come out of the HTML error message.

+3
source

More articles:


All Articles