ASP.NET MVC has built-in request validation support that
helps automatically protect against XSS and HTML injection attacks.
Sometimes, though, you want to explicitly turn off request validation for some
scenarios where you want users to be able to post HTML content (for example:
blog authoring or CMS content editing).
You can now add a [SkipRequestValidation] attribute to
models or viewmodels that disables request validation on a per-property basis
during model binding:
Adding the above attribute to your model/viewmodel enables
you to set it once and have it apply in all scenarios.