MikeTWebb

Reputation: 9279

MVC3 C# Potentially dangerous request error

I have an MVC3 C# Web App. One of our properties uses an RTF control for our TextBoxFor controls:

                @Html.TextAreaFor(model => model.SowDescription,
                    (object)new
                    {
                        rows = 7,
                        cols = 65,
                        @class = "celltext2 save-alert attachmentEditor",
                        disabled = "disabled"
                    })

The attachmentEditor class uses CKEditor. So there are HTML tags embedded in the control for Bold, Italics, etc. A user pasted some data into this TextArea and we received this error:

A potentially dangerous Request.Form value was detected from the client (SowDescription="<br />  <br />  <u><...").

We use HttpUtility.HtmlDecode in other cases, but when using it in the Html.TextAreaFor() helper we get this error:

Templates can be used only with field access, property access, single-dimension array index, or single-parameter custom indexer expressions.

Any ideas how we can Encode/Decode using the Html.TextAreaFor() helper?

Upvotes: 2

Views: 1352

Answers (3)

Md Rahatur Rahman

Reputation: 3246

Simply write:

UI:

CKEDITOR.replace('Description', { toolbar: '1', htmlEncodeOutput: true});

Controller:

model.Body = System.Net.WebUtility.HtmlDecode(model.Body);

Upvotes: 0

Syed Salman Raza Zaidi

Reputation: 2192

In your model, before the SowDescription definition, add this

 [AllowHtml]

You need a System.Web.Mvc reference to use it

Upvotes: 2

Pablo Romeo

Reputation: 11396

Try decorating the SowDescription viewmodel property with the [AllowHtml] attribute.

Upvotes: 3
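
The `[AllowHtml]` approach from the two answers above, as an added example that is not from the question or from any answerer: the attribute exempts only `SowDescription` from request validation, so the stored value is untrusted markup and must be encoded when rendered. `SowViewModel`, `SowController`, the `Edit` view name and the in-memory store are hypothetical.

```csharp
using System.Collections.Concurrent;
using System.Web.Mvc;

// Hypothetical view model; only the SowDescription name comes from the question.
public class SowViewModel
{
    public int Id { get; set; }

    // Request validation is skipped for this property only.
    // Every other posted field still triggers the
    // "potentially dangerous Request.Form value" check.
    [AllowHtml]
    public string SowDescription { get; set; }
}

// Hypothetical controller; the dictionary stands in for the real data store.
public class SowController : Controller
{
    private static readonly ConcurrentDictionary<int, string> Store =
        new ConcurrentDictionary<int, string>();

    [HttpPost]
    public ActionResult Save(SowViewModel model)
    {
        if (!ModelState.IsValid)
        {
            return View("Edit", model);
        }

        // The value is stored exactly as posted (raw editor markup).
        // Treat it as untrusted from here on.
        Store[model.Id] = model.SowDescription ?? string.Empty;
        return RedirectToAction("Edit", new { id = model.Id });
    }

    public ActionResult Edit(int id)
    {
        string html;
        Store.TryGetValue(id, out html);
        // In Edit.cshtml, @Html.TextAreaFor(m => m.SowDescription) HTML-encodes
        // the value inside the <textarea>, so the editor loads it as text.
        // @Html.Raw(Model.SowDescription) would emit the markup unencoded and
        // needs an allow-list sanitizer in front of it.
        return View(new SowViewModel { Id = id, SowDescription = html });
    }
}
```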
