ASP.NET 4.5 A potentially dangerous Request.Form value was detected from the client

Question

I have a WYSIWYG editor embedded on a user control that obviously goes into a web page. When I submit the page, I am getting the "A potentially dangerous Request.Form value was detected from the client" exception. In previous versions of .NET, I would just turn off ValidateRequest for the page.

However, in .NET 4.5, it seems to have a property of ValidateRequestMode. When I set this to disabled, I still continue to get the error. There isn't much out there yet regarding .NET 4.5 errors so does anyone know the solution?

Thanks in advance.

Answer 1

I found the issue. It had to do with the TinyMCE editor needing to have the content encoded prior to the code behind trying to read and post it. The solution was to encode via javascript as m0s suggested. TinyMCE has a built-in option you can set

encoding: "xml"

Which I had set but it doesn't encode apostrophes, which I had in the content. So in order to fix it, you have to add this to the TinyMCE init function on the page:

TinyMCE 3.x

setup: function (ed) {
    ed.onSaveContent.add(function (i, o) {
        o.content = o.content.replace(/&#39/g, "&apos");
    });
}

TinyMCE 4.x

setup: function(editor) {
    editor.on("SaveContent", function(i) {
        i.content = i.content.replace(/&#39/g, "&apos");
    });
}

I found the solution here: http://blog.tentaclesoftware.com/archive/2012/05/21/asp-net-4-0-tinymce-and-ldquoa-potentially-dangerous-request.aspx

Hope that helps someone!

Answer 2

I solved this by adding [AllowHtml] before content property public virtual string content{ get; set; }.