3

I’m getting an HttpRequestValidationexception with this error message:

“A potentially dangerous Request.Form value was detected from the client”.

But I have AllowHtml on the property that I’m getting the error. The problem is that later in my code I’m getting the following property to know in witch format I will show my view ControllerContext.HttpContext.Request.Params.AllKeys.Contains("format"). And on this “Param Getter” I’m getting the error.

Let’s say my code is similar to the following:

public class House
{
    [AllowHtml]
    public string Text { get; set; }
    public string Name { get; set; }
}

[HttpPost, ValidateAntiForgeryToken]
public ActionResult CreateTopic(House h)
{
 //business code
 if(ControllerContext.HttpContext.Request.Params.AllKeys.Contains("format"))
 {
    Return view;
 }
 }

How can I solve this? I already try with the ValidateInput(false) attribute on the controller action method. Any idea?

Improve this question

1 Answer 1

Reset to default
5

Try adding this to your web.config in the <system.web> section:

<httpRuntime requestValidationMode="2.0"/>

Then include the [ValidateInput(false)] attribute back on your action.

Scott Hansleman explains this feature here.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Ok, but I putting in danger my application with this? What does requestValidationMode="2.0" ? It will still valid the rest of the inputs?
Yes it will, it just enables you to turn off input validation for specified actions by using the [ValidateInput] decorator. I've added a detailed article about this feature to the original answer.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.