Ajax post doesn't work with html in parameters in combination with .net 4 framework

Question

After upgrading our project to the .net 4.0 framework (from 3.5), we facing some problems with ajax calls with html in the parameters. As soon as the user enters some html in a text area the ajax call isn't executed anymore. If the user enters plain text only, there is no problem.

   <script language="javascript">
/* Doesn't work */
var html = "<p>test</p>";
var body = "default.aspx?html=" + urlEncode(html);
var des = new AJAXInteraction(url, handleResponse, 'saveloader');
des.doPost(body);

/* Work */
var html = "test";
var body = "default.aspx?html=" + urlEncode(html);
var des = new AJAXInteraction(url, handleResponse, 'saveloader');
des.doPost(body);
</script>

Anyone any idea?

Answer 1

Probably setting validateRequest in your page directive to false, will solve your problem. Do this in the Page you're posting to:

<%@ Page validateRequest="false" %>

ASP.NET by default checks requests for potentially dangerous inputs like HTML code and blocks such requests. Keep in mind that you have to sanitize the input yourself when disabling request validation!

You can read more about it here: http://www.asp.net/learn/whitepapers/request-validation

Answer 2

Found the answer here: http://dotnetguts.blogspot.com/2010/06/validaterequestfalse-not-working-in-net.html. In ASP.NET 4, by default, request validation is enabled for all requests and the validateRequest setting per page is ignored.

To revert to the behavior of the ASP.NET 2.0 request validation feature, add the following setting in the Web.config file:

<system.web>
 <httpRuntime requestValidationMode="2.0" />
</system.web>