Bruno Lopes - 296 - Mar 17, 2014

What is the correct way to “teach” ServiceStack about unserializing IHtmlString (and MvcHtmlString)?

Adding “JsConfig<HtmlString>.RawDeserializeFn = c => new HtmlString©;” would work only for JSON and not form submits, for instance.

Is there a central place to hook into?

There can’t be any, each serializer have their own impl specific behavior.
I personally wouldn’t be putting C# classes like HtmlString on any DTO’s.

Bruno Lopes:

Can you point me towards the serializer for form-data ? I don’t mind (much) implementing custom serializers for this type. 

I’m considering using HtmlString on the DTO as a clear signal that such fields have HTML content and will be sanitized, in opposition to regular strings that will always be encoded. It would also simplify sanitization, which could happen on fields of that type, while other strings are always encoded.

There’s no “serializer” for FormData, it’s executed as part of the request binding, these lines read and populate from the FormData:
https://github.com/ServiceStack/ServiceStack/blob/master/src/ServiceStack/Host/RestHandler.cs#L143-L144

You can override this behavior using a custom request binder: 
https://github.com/ServiceStack/ServiceStack/wiki/Serialization-deserialization#create-a-custom-request-dto-binder