Hi,
I added:
<pages validateRequest="false">
to my web.config but I am still getting the error:
A potentially dangerous Request.Form value was detected from the
I added it to the view page also and still getting the error.
How can this be?
views:
193answers:
1
+6
A:
In MVC, request validation has to be done at the controller level instead of at the page level because the controller is processing input, not the page. If request validation were done at the page level, then the controller would happily process malicious input (and potentially commit it to the database!) before the validation check ever took place.
[ValidateInput(false)]
David Liddle
2009-06-19 01:41:10
Can I do this globally somehow?
mrblah
2009-06-19 02:54:55
You should be able to put the attribute on the controller class itself which should have the effect of applying it to all actions within.
dhulk
2009-06-19 04:13:18