Validation detected dangerous client input - post from TinyMCE in ASP.NET

Question

I get this error when I post from TinyMCE in an ASP.NET MVC view.

Error:

Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted

From googling, it says to just add a validateRequest in the Page directive at the top which I did, but I STILL get this error. As you can see, below is my code in the view:

<%@ Page validateRequest="false" Title="" Language="C#" MasterPageFile="~/Views/Shared/Site.Master" Inherits="System.Web.Mvc.ViewPage" %>

Answer 1

Try this solution. simply add to TinyMce control

tinyMCE.init({
...
encoding : "xml"
});

http://wiki.moxiecode.com/index.php/TinyMCE:Configuration/encoding

http://blog.tentaclesoftware.com/archive/2010/07/22/96.aspx

Answer 2

Try using the [AllowHtml] attribute in your model.

class MyModel{
 [AllowHtml]
 public string Content{get;set;}
}

Answer 3

Use the decorator [ValidateInput(false)].

You will then want to write a HTMLEncode method to make it safe.

Let me know if you want me to post the one I use.

Added the Encode I use

    public static class StringHelpers
{
    public static string HtmlEncode(this string value)
    {
        if (!string.IsNullOrEmpty(value))
        {
            value = value.Replace("<", "&lt;");
            value = value.Replace(">", "&gt;");
            value = value.Replace("'", "&apos;");
            value = value.Replace(@"""", "&quot;");
        }
        return value;
    }

    public static string HtmlDecode(this string value)
    {
        if (!string.IsNullOrEmpty(value))
        {
            value = value.Replace("&lt;", "<");
            value = value.Replace("&gt;", ">");
            value = value.Replace("&apos;", "'");
            value = value.Replace("&quot;", @"""");
        }

        return value;
    }
}