tech_human

Reputation: 7156

Potentially dangerous Request.Form value was detected from the client

I am running an ASP.Net MVC application and facing the following error. As I am new to ASP.Net, could someone please help me understand what it means and how I can resolve it?

I tried googling to understand it, but found different answers for the same error which left me more confused.

Exception caught in Global.asax:System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$WarningCtl1$TXTWarningText="

This is the warni...").
   at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.get_Form()
   at System.Web.HttpRequest.get_HasForm()
   at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull)
   at System.Web.UI.Page.DeterminePostBackMode()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at ASP.app_config_appttypes_groupappttypes_aspx.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Please suggest.

Upvotes: 7

Views: 11540

Answers (3)

Prakash Rajendran

Reputation: 285

  • Encode at the client level and decode it at the server level

Steps

1. Post the form using the jQuery submit method.

In the jQuery button click event method, encode the field that you want to post to the server. Example:

$("#field").val(encodeURIComponent($("#field").val()));
$("#formid").submit();

At the controller level, access all form id values using:

HttpUtility.UrlDecode(Request["fieldid"])

Make sure the controller method doesn't have a parameter.

Upvotes: 4

dtucker1914

Reputation: 499

MVC

Added attribute to action [ValidateInput(false)]

and confirm web.config setting in system.web

Upvotes: -1

Jim D'Angelo

Reputation: 3952

You need to add the ValidateInputAttribute to your controller (which applies it to all of your action methods for that controller, so be careful):

[ValidateInput (false)]
public class MyController : Controller { ... }

Or your action method:

public class MyOtherController : Controller
{
    [ValidateInput (false)]
    public ActionResult MyActionMethod (MyObjectThatTakesInHtml myObject)
    { ... }
}

Edit

As @dotjoe pointed out, and I forgot to mention, you also have access to the AllowHtmlAttribute (found in System.Web.Mvc) on a property in your model.

public class MyObjectThatTakesInHtml
{
    [AllowHtml]
    public string MyHtmlProperty { get; set; }
}

Upvotes: 8
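
An added example, not part of any answer above: the [AllowHtml] approach from the last answer, scoped to a single property, with the submitted value HTML-encoded when it is written back out. The names WarningModel, WarningController and Save, and the length limits, are assumptions made for illustration.

```csharp
using System.ComponentModel.DataAnnotations;
using System.Web;
using System.Web.Mvc;

// Hypothetical model: only WarningText is exempt from request validation.
public class WarningModel
{
    // No [AllowHtml] here, so markup posted in Title is still rejected
    // with HttpRequestValidationException during model binding.
    [Required, StringLength(100)]
    public string Title { get; set; }

    // Markup is allowed through for this one property. From here on the
    // value is untrusted input that the application must handle itself.
    [AllowHtml]
    [Required, StringLength(4000)]
    public string WarningText { get; set; }
}

// Hypothetical controller showing where the encoding has to happen.
public class WarningController : Controller
{
    [HttpPost]
    public ActionResult Save(WarningModel model)
    {
        if (!ModelState.IsValid)
        {
            // Razor's @Model.WarningText encodes by default when the view
            // redisplays the value; Html.Raw would not.
            return View(model);
        }

        // Keep the value as submitted and encode at output time, so the
        // browser renders it as text instead of interpreting it as markup.
        string encodedTitle = HttpUtility.HtmlEncode(model.Title);
        string encodedText = HttpUtility.HtmlEncode(model.WarningText);

        return Content(
            "<h2>" + encodedTitle + "</h2><p>" + encodedText + "</p>",
            "text/html");
    }
}
```

The same output encoding applies to a value recovered with HttpUtility.UrlDecode as in the first answer, since a field encoded in the browser is not inspected by request validation either.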
