tags:

views:

45

answers:

3
Q: 

"A potentially dangerous Request.Form..." error in MVC 2.0

ValidateInputAttribute, ValidateInput, httpRuntime requestValidationMode="2.0" in web.config (system.web) all do not fix, also the "ValidateRequest="false"" in my view. I'm using MVC 2, Visual Studio 2010, .NET 4.0, and I'm still getting the following error:

A potentially dangerous Request.Form value was detected from the client (Body="<p>test</p>").

This is with CKEditor. I've already looked at http://stackoverflow.com/questions/3475896, but that might be old.

Please help!! Thanks.

UPDATE:

Soooo.... turns out you have to tweak the root web.config, and NOT the web.config that's in your Views folder. sweet mercy. thanks everyone!

A: 

You might want to override OnError event (which is fired on this error) in your aspx.cs site and there handle this error

Update:

   protected override void OnError(EventArgs e)
   {
      base.OnError (e);
   }

I havent tested that, but leaving this method blank (just delete: base.OnError(e); before copy-pasting into your code) might solve your problem.

Katalonis  2010-10-25 12:59:19
how would I do this..? thanks for your response, by the way.
Ian Davis  2010-10-25 13:31:00
see update of my answer - but I havent tested that. All I'm sure about is that OnError event is fired when it handles "potentailly dangerous...."
Katalonis  2010-10-25 13:56:10
see update to my original post... I'm an idiot ;)
Ian Davis  2010-10-25 14:23:18
A: 

I have found that you need to go to the Action on the controller which is recieving the post data from the CKEditor enhanced form and on that action add the attribute like this:

[ValidateInput(false)]
public ActionResult UpdateText(string HtmlText)
{
  Repository.Save(HtmlText);  

  ...

  return View();
}
Richard  2010-10-25 13:06:07
already did this, to no avail :/
Ian Davis  2010-10-25 13:21:49
A: 

To the System.Web section of your web.config add this -

<httpRuntime requestValidationMode="2.0"/>

And use 

[ValidateInput(false)]

On the action Method

Subbarao  2010-10-25 19:47:43

related questions

Redirecting to specified controller and action in asp.net mvc 2 action filter
Rendering the field name in an EditorTemplate (rendered through EditorFor())
Missing Classes and Methods in ASP.net MVC 2
using Html.EditorFor with an IEnumerable<T>
ASP.NET MVC and ViewState
ASP.NET MVC 2 DisplayFor()
Maintaining ViewData between RenderAction calls
ASP.NET MVC - Current Action from controller code?
Is it a good idea to put content access logic in a BaseController?
HttpModule with ASP.NET MVC not being called
Ways to define an ASP.NET MVC Route
ASP.NET MVC 2 Preview 1 - DataAnnotation Validation with complex model object
ASP.NET MVC 2 Preview 1 - Problem compiling StructureMap Controller Factory
ASP.NET-MVC2 Preview 1: Are There Any Breaking Changes?
Site navigation for an 'Admin' application in ASP.NET MVC
Html.LabelFor Specified Text [ASP.NET MVC 2]
Is it viable to use ASP.NET MVC 2 Preview 1 in a production application?
Unit tests on MVC validation
Form input validation options in ASP.NET MVC 1.0+
Validation: Model or ViewModel
ASP.NET MVC 2 editor template for value types, int
ASP.NET MVC 2 Preview 1 - what is the best way to implement areas?
ASP.NET MVC 2.0 overview information?
Passing Controller a FormCollection and an IList<T>
Best ASP.NET MVC book?