Asp.net-mvc – Html.BeginForm() works fine, Html.BeginForm(“action”,”controller”) ignores [AllowHtmlAttribute]

asp.net-mvcasp.net-mvc-4tinymce

I'm using TinyMCE editor on admin panel of my site, so i decorate the model properties (target of tinymce) with [AllowHtml] and i use Html.BeginForm() in views. When i submit form with HTML fields all work fine.

But i have a problem if i use the overload Html.BeginForm("action","controller") in the same way, it skips the [AllowHtml] and throw the well-know Request.form exception.
I'm forced to use [ValidateInput(false)] on Action-Method to make it work without exception.
Do you know why? Thanks in advance for the clarification,

This is the scenario / Project: Asp.net Mvc 4:

Model / Ricetta.cs

..
[Required(ErrorMessage = "Corpo Articolo vuoto")]
[AllowHtml]
public string corpoTesto { get; set; }
..

Controller / RicetteController.cs

..
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Create(RicettaViewModel modelloRicetta)
    {
        if (ModelState.IsValid) {
..

View Ricette/Create Called from another Action Method in RicetteController as View("Create", modelObject)

 @model WebAPP_MVC4.Areas.Admin.Models.RicettaViewModel
 ...
 @using (Html.BeginForm("Create","Ricette",FormMethod.Post)){
 @Html.AntiForgeryToken()
 @Html.ValidationSummary(true)

....

<fieldset>
    <legend>Corpo Ricetta ~</legend>
    <div class="editor-label">
        @Html.LabelFor(p=>p.ricetta.corpoTesto)
    </div>
    <div class="editor-field">
        @Html.TextAreaFor(p=>p.ricetta.corpoTesto, new { @cols = 60, @rows = 20})
        @Html.ValidationMessageFor(p=>p.ricetta.corpoTesto)
    </div>
 </fieldset>
..

Best Answer

I made quick test and everything works perfectly there is no difference in behavior between Html.BeginForm() and Html.BeginForm("action","controller"). Maybe the reason of this issue is in the source code which you didn't show us.

Below my code(works):
VieModel:

public class PostViewModel
{
    [AllowHtml]
    [Required]
    public string Content { get; set; } 
}

Controller: 

public ActionResult Index()
{
    return View("Create", new PostViewModel());
}

[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Create(PostViewModel model)
{
    if (ModelState.IsValid)
    {
        return Index();
    }
    return View(model);
}

View:

@model SendHTmlTpControler.Models.PostViewModel

<html>
<head>
    <script src="~/Scripts/tinymce/tiny_mce.js"></script>

    <script type="text/javascript">
        tinymce.init({
            selector: "textarea",
            toolbar: "insertfile undo redo | styleselect | bold italic | alignleft aligncenter alignright alignjustify | bullist numlist outdent indent | link image"
        });
    </script>
</head>
<body>
    <h2>Create</h2>

    @using (Html.BeginForm("Create", "Home", FormMethod.Post))
    {
        @Html.AntiForgeryToken()
        @Html.ValidationSummary(true)

        <div class="editor-label">
            @Html.LabelFor(model => model.Content)
        </div>
        <div class="editor-field">
            @Html.TextAreaFor(model => model.Content, new { @cols = 60, @rows = 20 })
            @Html.ValidationMessageFor(model => model.Content)
        </div>

        <p>
            <input type="submit" value="Save" />
        </p>
    }

</body>
</html>
Related Topic