Move call to AddPackageOwner to requrie an object so we can allow html characters for message only.

Author: ryuyu

src/NuGetGallery/Controllers/JsonApiController.cs

@@ -103,8 +103,12 @@ public virtual ActionResult GetPackageOwners(string id)
 
         [HttpPost]
         [ValidateAntiForgeryToken]
-        public async Task<JsonResult> AddPackageOwner(string id, string username, string message)
+        public async Task<JsonResult> AddPackageOwner(AddPackageOwnerViewModel addOwnerData)
         {
+            string id = addOwnerData.Id;
+            string username = addOwnerData.Username;
+            string message = addOwnerData.Message;
+
             if (Regex.IsMatch(username, GalleryConstants.EmailValidationRegex, RegexOptions.None, GalleryConstants.EmailValidationRegexTimeout))
             {
                 return Json(new { success = false, message = Strings.AddOwner_NameIsEmail }, JsonRequestBehavior.AllowGet);

src/NuGetGallery/NuGetGallery.csproj

@@ -748,6 +748,7 @@
     <Compile Include="Telemetry\UserPackageDeleteOutcome.cs" />
     <Compile Include="UrlHelperExtensions.cs" />
     <Compile Include="ViewModels\AddOrganizationViewModel.cs" />
+    <Compile Include="ViewModels\AddPackageOwnerViewModel.cs" />
     <Compile Include="ViewModels\CompositeLicenseExpressionSegmentViewModel.cs" />
     <Compile Include="ViewModels\DeleteOrganizationViewModel.cs" />
     <Compile Include="ViewModels\DeleteUserViewModel.cs" />

src/NuGetGallery/ViewModels/AddPackageOwnerViewModel.cs

@@ -0,0 +1,16 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Web.Mvc;
+
+namespace NuGetGallery
+{
+    public class AddPackageOwnerViewModel
+    {
+        public string Id { get; set; }
+        public string Username { get; set; }
+
+        [AllowHtml]
+        public string Message { get; set; }
+    }
+}