Asp.Net MVC Input Validation still firing after being disabled | ansaurus

tags:

views:

36

answers:

1

+1 Q:

Asp.Net MVC Input Validation still firing after being disabled

I've disabled validateRequest in my web.Config, but the app is still firing the error:

A potentially dangerous Request.Form value was detected from the client

I've got the following in my web.Config

    <httpRuntime requestValidationMode="2.0" />
    <pages validateRequest="false">

I've also tried the following in my controller to no avail

<ValidateInput(False)> _
<AcceptVerbs(HttpVerbs.Post)> _
Function Edit(ByVal user As Domain.User, ByVal id As Integer) As ActionResult

+1 A:

Answer found http://stackoverflow.com/questions/807662/why-is-validateinputfalse-not-working

You have to set the ValidInput in the Controller AND in the web.Config.

    <httpRuntime requestValidationMode="2.0"/>

rockinthesixstring 2010-06-28 20:10:28

related questions

Why does this remote script cause IE6 to hang?

HTTP input filter like mod_security for WebSphere?

Should I sanitize HTML markup for a hosted CMS?

HTML/Javascript app that runs on the filesystem, security issue

Gracefully closing a frame (toolbar) around an iframe

What's the best method for sanitizing user input with PHP?

How do you htmlencode using html agility pack?

XSS Blacklist - Is anyone aware of a reasonable one?

Do htmlspecialchars and mysql_real_escape_string keep my PHP code safe from injection?

What percentage of my time will be spent in user input verfication during web development?

How do you allow the usage of an <img> while preventing XSS?

What are the best practices for avoid xss attacks in a PHP site

How do use fckEditor safely, without risk of cross site scripting?

Will HTML Encoding prevent all kinds of XSS attacks?

Inform potential clients about security vulnerabilities?

Best Practice: Legitimate Cross-Site Scripting

Access to restricted URI denied code: 1012

How do you set up use HttpOnly cookies in PHP

When is it Best to Sanitize User Input?

How exactly do you configure httpOnlyCookies in ASP.NET?

How do you configure HttpOnly cookies in tomcat / java webapps?

Communicating between websites (using Javascript or ?)

Best regex to catch XSS (Cross-site Scripting) attack (in Java)?

Sanitising user input using Python

Catching SQL Injection and other Malicious Web Requests