Can we set ValidatInput(false) for only one element?

It's easy to set our action not to validate the input just hooking up the attribute like

[HttpPost, ValidateInput(false)]
public ActionResult Signup(SignupModel model)
{
    ... 
}

But I was wondering, is there a way to only do this in just one form field? and not all of them in the actual <form>

or, I have to use this and then w开发者_Go百科orry about encoding properly all other fields?

You should not rely on ValidateInput to 'encode' your values. It doesn't encode values - it just rejects some values outright. And even if you use it, you still must encode all your values that are user-entered and displayed on the site in any way.

In fact, because of that - I've never used that validation myself. For example, if all I did was rely on that validation, people would not be able to enter some very basic things in forms like this one, such as trying to show example HTML.

But even the MSDN documentation and every book I've read said that the ASP.NET validation there does not protect you against every possible malicious input. So essentially, you can not rely on it to protect your users. You still must encode values you are displaying (and you should encode them only as you are displaying them, otherwise you'll end up with all sorts of display bugs where you've double-encoded things)

Using MVC3 , the attribute can be applied to Model by specifying SkipRequestValidation.