Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to avoid HttpRequestValidationException in ASP.NET MVC rendering the same view which caused the exception

I just want to know how to validate (or clean) user input in ASP.NET MVC so that an HttpRequestValidationException will not be thrown regardless of the values submitted. For example, with a text input, if the user inputs <BR/>, it will cause an exception and the Yellow Screen of Death will be shown. I don't want that. I want to catch the exception and to make visible an user friendly error in the current view, preferably with the controls loaded with the same values submitted.

I have found this http://www.romsteady.net/blog/2007/06/how-to-catch-httprequestvalidationexcep.html, but it is useless for my purpose. Also, I have found this http://msdn.microsoft.com/en-us/library/aa973813.aspx and tried to put inside a model binder but I couldn't make to work.

like image 267
eKek0 Avatar asked Oct 30 '08 02:10

eKek0


People also ask

What is mvc6?

MVC 6 is a part of ASP.NET 5 that has been designed for cloud-optimized applications. The runtime automatically picks the correct version of the library when our MVC application is deployed to the cloud. The Core CLR is also supposed to be tuned with a high resource-efficient optimization.


1 Answers

With the latest version of ASP.NET MVC (the RC, at the time of writing this) you can just put an attribute on either your controller class or your action method, e.g.:

[ValidateInput(false)] public ActionResult create() {     // ...method body } 

The ValidateInputAttribute is in System.Web.Mvc.

But as others have said, you do then have to perform your own manual input validation or cleaning.

Using MVC 3, you must also ensure this is in your Web.config: <system.web><httpRuntime requestValidationMode="2.0" /></system.web>

like image 142
user66787 Avatar answered Sep 20 '22 21:09

user66787