"A potentially dangerous Request.Form..." error in MVC 2.0

Question

ValidateInputAttribute, ValidateInput, httpRuntime requestValidationMode="2.0" in web.config (system.web) all do not fix, also the "ValidateRequest="false"" in my view. I'm using MVC 2, Visual Studio 2010, .NET 4.0, and I'm still getting the following error:

A potentially dangerous Request.Form value was detected from the client (Body="<p>test</p>").

This is with CKEditor. I've already looked at MVC2 application with Ckeditor "potentially dangerous Request.Form, but that might be old.

Please help!! Thanks.

UPDATE:

Soooo.... turns out you have to tweak the root web.config, and NOT the web.config that's in your Views folder. sweet mercy. thanks everyone!

Answer 1

As an alternative to the previous suggestions, I found HTML encoding what was passed back to the controller resolved the issue.

You can do this by adding config.htmlEncodeOutput = true; to CKEditor's config file (~/ckeditor/config.js).

The relevant documentation can be found at: https://docs-old.ckeditor.com/ckeditor_api/symbols/CKEDITOR.config.html#.htmlEncodeOutput.

Answer 2

To the System.Web section of your web.config add this -

<httpRuntime requestValidationMode="2.0"/>

And use

[ValidateInput(false)]

On the action Method

Answer 3

You might want to override OnError event (which is fired on this error) in your aspx.cs site and there handle this error

Update:

   protected override void OnError(EventArgs e)
   {
      base.OnError (e);
   }

I havent tested that, but leaving this method blank (just delete: base.OnError(e); before copy-pasting into your code) might solve your problem.

Answer 4

I have found that you need to go to the Action on the controller which is recieving the post data from the CKEditor enhanced form and on that action add the attribute like this:

[ValidateInput(false)]
public ActionResult UpdateText(string HtmlText)
{
  Repository.Save(HtmlText);  

  ...

  return View();
}