Menu
Has request validation changed for ASP.NET MVC 2, more precisely, not validating?
I did the following:
Web.configs (in App directory and Views directory)
<pages
validateRequest="false"
Controller/Action Attribute
[ValidateInput(false)]
In @Page View Directive
ValidateRequest="false"
The page still gets validated an exception is thrown when HTML content is posted.
UPDATE
Created a new ASP.NET MVC 2 Application and I modified the Home Controller's Index to this
[ValidateInput(false)]
public ActionResult Index(string InputText)
{
ViewData["Message"] = "Welcome to ASP.NET MVC!";
return View();
}
and my View Page
<% using(Html.BeginForm()){ %>
<%= Html.TextBox("InputText") %>
<input type="submit" />
<% } %>
And still the same issue, an exception is thrown.
380
Adding Validation to ModelThe validation attributes specify behavior that you want to enforce on the model properties they are applied to. The Required and MinimumLength attributes indicates that a property must have a value; but nothing prevents a user from entering white space to satisfy this validation.
ModelState. IsValid indicates if it was possible to bind the incoming values from the request to the model correctly and whether any explicitly specified validation rules were broken during the model binding process. In your example, the model that is being bound is of class type Encaissement .
There are two types of validations: Server side Validations. Client Side Validations.
ASP.NET MVC: ValidationMessageFor ValidationMessageFor() is a strongly typed extension method. It displays a validation message if an error exists for the specified field in the ModelStateDictionary object. Visit MSDN to know all the overloads of ValidationMessageFor() method.
I should read the error more carefully next time:
To allow pages to override application request validation settings, set requestValidationMode="2.0" in the configuration section. After setting this value, you can then disable request validation by setting validateRequest="false"
I put this in the application's web.config
<system.web>
<httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="" />
</system.web>
and it worked.
Update:
I was running ASP.NET 4 thats why :P
155
Insert obligatory warning about XSS here.
That you decorated the controller (or action) with the ValidateInputAttribute should be enough, as all validation is done at this controller level in ASP.NET MVC
I have just tried this now on an action, and it returns a nice, evil alert() when I output it, so I'd venture a guess that there's something else going on here.
Do you have an HandleErrorAttribute set up anywhere?
27
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
