A potentially dangerous Request.Form value was detected ASHX httpHandler

Question

I need to accept xml data in a form post to my ashx http handler.

However I get the error "A potentially dangerous Request.Form value was detected.." error when I pull the xml data from request using request.Form.

I can't set validate request to false as it is not an aspx page. What can I do?

e.g.

<textarea rows="12"  cols="50"  name="Post2Data">
 <root>
    <XML>....
 </root>
</textarea>

request.Form["Post2Data"];

Answer 1

You can use the Unvalidated property of the request, e.g.

request.Unvalidated.Form["Post2Data"];

You'll have to check the validity of the Form data yourself. It's inadvisable to set validateRequest = false in production environments since it leaves you vulnerable to cross-site scripting attacks.

Answer 2

You can add following entries in web.config.

<location path="~/YourHandler.ashx">
    <system.web>
      <pages validateRequest="false" />
    </system.web>
</location>
<system.web>
   <compilation debug="true" targetFramework="4.0"/>
   <httpRuntime requestValidationMode="2.0" />
</system.web>