
ValidateInput(false) and AllowHtml attributes still cause 'A potentially dangerous Request.Form value was detected'

Tags:

asp.net-mvc

I have on my model:

public class EmailTemplateModel
{
    public int EmailTemplateId { get; set; }

    [Required]
    public string Name { get; set; }
    [Required]
    public string Subject { get; set; }

    [AllowHtml]
    [Required]        
    public string Content { get; set; }
}

And on my controller:

[ValidateInput(false)]
public ActionResult AddNewTemplate(EmailTemplateEditorModel model)
{
}

Yet I am getting the following error:

A potentially dangerous Request.Form value was detected from the client

Why am I getting these errors even though this check should be disabled using the ValidateInput/AllowHtml attributes? Looking at other posts it's not clear if I need both or just one of these attributes...

jaffa asked Oct 25 '11 12:10



1 Answer

You need to add

<httpRuntime requestValidationMode="2.0" />

to your web.config. See ASP.Net 4.0 Breaking Changes. Despite the confusing configuration value, this is a breaking change between 3.5 and 4.0 - validation now runs earlier in the pipeline, before MVC gets a chance to disable it based on your attributes.

skolima answered Oct 17 '22 01:10
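Where the setting from the answer sits in web.config, as an added example that is not part of the original answer: option A applies it application-wide as the answer describes, option B limits it to one URL with a `<location>` element so every other request keeps the 4.0 behaviour. The path `EmailTemplate/AddNewTemplate` is a hypothetical route, assumed here because the page does not name the controller.

```xml
<?xml version="1.0"?>
<configuration>

  <!-- Option A (as in the answer): application-wide.
       For every URL of the application the MVC attributes
       ([ValidateInput], [AllowHtml]) now decide whether posted
       values are validated. Shown commented out so that only one
       option is active in this file. -->
  <!--
  <system.web>
    <httpRuntime requestValidationMode="2.0" />
  </system.web>
  -->

  <!-- Option B: scoped to the single action that accepts HTML.
       The path below is a hypothetical route (assumption); replace it
       with the URL that AddNewTemplate is actually served from.
       All other URLs keep the default 4.0 request validation. -->
  <location path="EmailTemplate/AddNewTemplate">
    <system.web>
      <httpRuntime requestValidationMode="2.0" />
    </system.web>
  </location>

</configuration>
```

With either option, the value bound to the `[AllowHtml]` property `Content` reaches the action as unvalidated markup, so it has to be sanitized or encoded wherever it is later rendered.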