Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

A potentially dangerous Request.Form value was detected

Tags:

I have a form with the wmd editor on it. The input text area is rendered using:

<%: Html.TextAreaFor(t => t.NewsBody, new{@class="wmd-panel", id="wmd-input"}) %>

Every time I submit the form I get A potentially dangerous Request.Form value was detected from the client

I tried setting [ValidateInput(false)] on the action method, I tried adding <httpRuntime requestValidationMode="2.0" /> to the web.config and I've tried validateRequest="false" in the pages directive in web.config but it's still happening.

Any ideas?

Edit

Action method:

 [ILFFAuthorize(Roles = "Admin")] // this is a custom auth attrobite         [HttpPost]         [ValidateInput(false)]         public ActionResult AddNews(FormCollection col){          //public ActionResult AddNews(News news)         //{             if (ModelState.IsValid)             {                 News news = new News();                 news.NewsDate = DateTime.Now;                 news.NewsPosterId = 0;                  news.NewsTitle = col["NewsTitle"];                 news.NewsBody = col["NewsBody"];                 newsRepository.Add(news);                 newsRepository.Save();                  return RedirectToAction("Index", "Home");             }             else             {                 return View();             }         }
like image 566
AndrewC Avatar asked May 09 '11 12:05

AndrewC

People also ask

How do you fix potentially dangerous request form value was detected from the client?

We can resolve your reported problem (A potentially dangerous Request. Form value was detected from the client) in ASP.NET Application. To resolve your problem, we need add the validateRequest as false in pages tag and add requestValidationMode as 2.0 in Web. config file.

Is a potentially dangerous request?

ASP.NET has detected data in the request that is potentially dangerous because it might include HTML markup or script. This error description means some one entered HTML markup or script which can be dangerous to the server.

What is request validation mode?

Request validation is a feature in ASP.NET that examines an HTTP request and determines whether it contains potentially dangerous content. In this context, potentially dangerous content is any HTML markup or JavaScript code in the body, header, query string, or cookies of the request.

1 Answers

You need to place this on top of your [HttpPost] action method

    [HttpPost]     [ValidateInput(false)]     public ActionResult Edit(FormCollection collection) {        .....     }

If you are using MVC3 then you should't use [ValidateInput(false)] but use [AllowHtml] which is explained here: http://dailydotnettips.com/2011/08/24/how-to-allow-user-to-input-html-in-asp-net-mvc/

also: try putting [ValidateInput(false)] above your [HttpPost] not under, As I remember, these get executed top to bottom.

like image 110
Stefanvds Avatar answered Sep 21 '22 15:09

Stefanvds
Sign in to Comment

Related questions

Can I find the MAC address of my Access point in Android?
macports didn't place python_select in /opt/local/bin
Is there a way to access the columns in a Dapper FastExpando via string or index?
Force GSON to use specific constructor
What are fortunes?
Getting PySide to work with matplotlib
What does RtlInitializeExceptionChain do, and how can I reduce its execution overhead?
problem with rspec test, undefined method 'post'
Is there any way to ask permission programmatically?
Make background fade out/in
Is it possible to disable meta refresh in Google Chrome?
Permissions on log files created by log4j RollingFileAppender

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!