CODEWITHSUNDEEP
asp.net-mvcckeditorfckeditor
Sosi
Sosi

Reputation: 2578

MVC2 application with Ckeditor "potentially dangerous Request.Form

I'm getting the "Potentially dangerous Request.Form request value was detected from the client" exception when im using my FCK editor.

How could encode before submit the form, or disable this validation without disable the Data Anotations validation?

This is the code of my view:

 <% using (Html.BeginForm()) {%>
        <%: Html.ValidationSummary("Please complete in a right way the fields below.") %>

        <fieldset>
            <legend>Fields</legend>
            <div class="editor-field">
                <%: Html.LabelFor(e => e.Name)%>
                <%: Html.TextBoxFor(e => e.Name)%>
                <%: Html.ValidationMessageFor(e => e.Name)%>
            </div>
            <div class="editor-field">
                <%: Html.LabelFor(e => e.Teaser) %>
                <%: Html.TextAreaFor(e => e.Teaser)%>
                <%: Html.ValidationMessageFor(e => e.Teaser)%>
            </div>
            <div class="editor-field">
                <%: Html.LabelFor(e => e.Description) %>
                <%: Html.TextAreaFor(e => e.Description)%>
                <%: Html.ValidationMessageFor(e => e.Description)%>
            </div>
            <p>
                <input type="submit" />
            </p>
        </fieldset>

    <% } %>

<script type="text/javascript">
   //<![CDATA[
   // This call can be placed at any point after the
   // <textarea>, or inside a <head><script> in a
   // window.onload event handler.
   // Replace the <textarea id="xxxxxx"> with an CKEditor
   // instance, using default configurations.
   CKEDITOR.replace("Description");
   //]]>
</script>

Thanks a lot in advance.

Upvotes: 2

Views: 3966

Answers (4)

Md Rahatur Rahman
Md Rahatur Rahman

Reputation: 3244

If you are working with the FCK editor or CKeditor you do not need to deal with the "requestValidationMode". As it will be applied on the entire application. You can just do the followings:

CKEDITOR.replace('Description', { toolbar: '1', htmlEncodeOutput: true});

Then in the controller:

model.Body = System.Net.WebUtility.HtmlDecode(model.Body);

Upvotes: 2

Namchul Cho
Namchul Cho

Reputation: 31

[script type="text/javascript" src="/ckeditor/_source/core/editor.js"][/script]

CKEDITOR.config.htmlEncodeOutput = true;

Upvotes: 3

AlfonsoML
AlfonsoML

Reputation: 12690

config.htmlEncodeOutput

But it might be easier to use a .Net wrapper for CKEditor.

Upvotes: 0

jorgebg
jorgebg

Reputation: 6600

<httpRuntime requestValidationMode="2.0" />

Check: Request Validation - ASP.NET MVC 2

Upvotes: 4

Related Questions