A potentially dangerous Request.Form value was detected from the client - ASP.NET MVC

Question

I am getting this error in my ASP.NET MVC application where I am taking HTML input from a WYSIWYG so I don't want the content validated.

I have attempted the solution I found here but it seems to make no difference in my MVC application. I have also tried doing it in the web.config but again - no joy.
Is this a bug in ASP.NET MVC or something?

Answer 1

In MVC you would use the ValidateInput(false) attribute.

You then need to sanitize your inputs, e.g. with something like this (built in to ASP.NET 4.5+; use NuGet package for earlier).

Answer 2

In MVC 3 and later, you can also use the [AllowHtml] attribute. This attribute allows you to be more granular by skipping validation for only one property on your model.

https://learn.microsoft.com/en-us/dotnet/api/system.web.mvc.allowhtmlattribute?view=aspnet-mvc-5.2

Answer 3

In your controller action method, (the one which is bringing this) add [ValidateInput(false)]

Example

    [HttpPost]
    [ValidateInput(false)]
    public ActionResult Insert(FormCollection formCollection, Models.Page page)
    {
        //your code
        return View();
    }

Answer 4

use <httpRuntime requestValidationMode="2.0" /> in web config

Answer 5

Just place this attribute: [ValidateInput(false)] on the action method on the controller that handles the form post.