Menu
I am getting this error in my ASP.NET MVC application where I am taking HTML input from a WYSIWYG so I don't want the content validated.
I have attempted the solution I found here but it seems to make no difference in my MVC application. I have also tried doing it in the web.config but again - no joy.
Is this a bug in ASP.NET MVC or something?
745
We can resolve your reported problem (A potentially dangerous Request. Form value was detected from the client) in ASP.NET Application. To resolve your problem, we need add the validateRequest as false in pages tag and add requestValidationMode as 2.0 in Web. config file.
ASP.NET has detected data in the request that is potentially dangerous because it might include HTML markup or script. This error description means some one entered HTML markup or script which can be dangerous to the server.
AllowHtml attribute is used to allow sending HTML content or codes to server which by default is disabled by ASP.Net MVC to avoid XSS (Cross Site Scripting) attacks. In XSS (Cross Site Scripting) attacks, a hacker tries to inject HTML or JavaScript code to a website via INPUT fields such as TextBoxes, TextAreas, etc.
In MVC you would use the ValidateInput(false) attribute.
You then need to sanitize your inputs, e.g. with something like this (built in to ASP.NET 4.5+; use NuGet package for earlier).
199
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
