How do I allow inline images with data urls on .NET 4 without triggering request validation?

Question

I'm using the jQuery jstree plugin (http://jstree.com) in a ASP.NET MVC 2 project on .NET 4 RC, and running on IIS 7.5. It comes with some stylesheets with inline images with data urls, like this:

.tree-checkbox ul { background-image:url(data:image/gif;base64,R0lGODlhAgACAIAAAB4dGf///yH5BAEAAAEALAAAAAACAAIAAAICRF4AOw==); }

Now, the url for the background image contains a colon, which .NET 4 thinks is an unsafe character, so I get this error message:

A potentially dangerous Request.Path value was detected from the client (:).

According to the documentation, I am supposed to be able to prevent this by adding

<system.web>
<httpRuntime requestValidationMode="2.0"/>
<pages validateRequest="false"/>
<system.web>

to my Web.config, but that doesn't seem to help. I have tried adding it to the main Web.config for the application, as well as to a special Web.config in the /config folder, but to no avail.

Is there any way to get .NET to allow this?

Answer 1

Are you using IIS7?

IIS7 validates requests differently and you have to "revert" its behavior to ignore potentially dangerous requests.

 <system.web>
    <httpRuntime requestValidationMode="2.0"/>
 </system.web>