Integrating the TinyMCE Rich Text Editor
I've been working on a page to add method descriptions for the recipes. The simplest solution would be a large text area allowing the user to add multiple lines of text for the recipe method. However, I think this would be too limiting for the users and would also give poor formatting when the completed recipes are viewed. A better solution is to use a rich text editor, which allows users to enter formatted text and generates HTML to use on the recipe views.
The editor had to allow the users to enter formatted text including paragraphs, text highlighting, and numbered and bulleted lists. It was also important that the editor could be restricted to prevent users entering content which would break the styling of the site. For example, no image tags should be entered in the method, as there is already a separate image property for each recipe. Fortunately I've had experience using the TinyMCE rich text editor from working on N2 CMS-based websites at work, and this editor meets all of the requirements.
Disable Input Validation
The editor generates HTML which is posted back to the server when the page is submitted. However, by default ASP.NET MVC throws an exception because the postback contains HTML tags:
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (CookingMethod="<p>A Test method</p> <u…").
To prevent this exception from being thrown, request validation must be disabled for that action. This is done by adding the [ValidateInput(false)] attribute to the controller's action method which is called when the page is submitted.
Protect Against Unwanted HTML / XSS
Protect Against CSRF
While I was in the area of security I thought I may as well protect the form against cross-site request forgery (CSRF) attacks. Steve Sanderson has already written a full blog post on this subject (among others, I'm sure), so I won't go into detail on this. Suffice to say I thought it was worth adding, as it only takes 5 minutes and provides an extra level of protection which may be needed later.
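To show how the two attributes above fit together with the HTML sanitisation the "Protect Against Unwanted HTML / XSS" heading calls for, here is an added example that is not code from the original post: a whitelist sanitizer for the CookingMethod HTML built on the HtmlAgilityPack library, called from a hypothetical RecipeController.EditMethod action before anything is stored. The controller, action and parameter names are assumptions; the set of allowed tags follows the requirements stated earlier (paragraphs, highlighting, lists, no images).

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Mvc;
using HtmlAgilityPack;
public static class MethodHtmlSanitizer
{
    // Only the formatting the editor is configured to offer: paragraphs, highlighting, lists.
    static readonly HashSet<string> Allowed = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "p", "br", "strong", "b", "em", "i", "u", "ul", "ol", "li" };
    // Removed together with their content: their bodies are payload, not recipe text.
    static readonly HashSet<string> Dropped = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "script", "style", "img", "iframe", "object" };
    // Older HtmlAgilityPack builds parse <p> as an empty element; make it a normal container.
    static MethodHtmlSanitizer() { HtmlNode.ElementsFlags.Remove("p"); }

    public static string Sanitize(string html)
    {
        var doc = new HtmlDocument(); doc.LoadHtml(html ?? string.Empty);
        Clean(doc.DocumentNode);
        return doc.DocumentNode.InnerHtml;
    }

    static void Clean(HtmlNode parent)
    {
        foreach (var node in parent.ChildNodes.ToList()) // copy: the list is mutated below
        {
            if (node.NodeType == HtmlNodeType.Comment) { node.Remove(); continue; }
            if (node.NodeType != HtmlNodeType.Element) continue; // text stays as parsed (entity-encoded)
            Clean(node); // sanitize descendants first so unwrapped children are already clean
            if (Dropped.Contains(node.Name)) node.Remove();
            else if (!Allowed.Contains(node.Name))
            {   // unexpected tag (div, span, a, ...): keep its text, lose the tag
                foreach (var child in node.ChildNodes.ToList()) parent.InsertBefore(child, node);
                node.Remove();
            }
            else node.Attributes.RemoveAll(); // no style=, class= or on*= handlers on allowed tags
        }
    }
}

public class RecipeController : Controller // hypothetical controller, not from the post
{
    [HttpPost, ValidateInput(false)] // accept the editor's HTML instead of throwing HttpRequestValidationException
    [ValidateAntiForgeryToken]       // reject posts without the token rendered by Html.AntiForgeryToken()
    public ActionResult EditMethod(int id, string cookingMethod)
    {
        var safeHtml = MethodHtmlSanitizer.Sanitize(cookingMethod);
        // Persist safeHtml for recipe `id` here (repository call omitted), then redirect.
        return RedirectToAction("Details", new { id });
    }
}
```

On MVC 3 and later, [AllowHtml] on the model property is a narrower alternative to [ValidateInput(false)], leaving request validation switched on for every other field of the form.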