mrblah
Reputation: 103517
Add validateRequest = false but still getting the error
I added:
<pages validateRequest="false">
to my web.config but I am still getting the error:
A potentially dangerous Request.Form value was detected from the
I added it to the view page also and still getting the error.
How can this be?
Upvotes: 2
Views: 886
Answers (1)
David
Reputation: 15360
In MVC, request validation has to be done at the controller level instead of at the page level because the controller is processing input, not the page. If request validation were done at the page level, then the controller would happily process malicious input (and potentially commit it to the database!) before the validation check ever took place.
[ValidateInput(false)]
Upvotes: 7
Related Questions
- ValidateRequest="false" doesn't work in Asp.Net 4
- requestvalidationmode="2.0" validaterequest="false" in web.config not working
- I can't turn off Request Validation for an ASP.NET MVC Controller
- why I cant disable request validation?
- HttpRequestValidationexception on Asp.Net MVC
- ValidateRequest="false" not worked
- validaterequest problem with asp.net web page
- Validate Request in .net 4.0 returning 500 error
- ValidateRequest = false in MVC 2.0 .net
- ASP.NET Request Validation Exception Even When Validation Is Disabled