ajbeaven

Reputation: 9562

"A potentially dangerous Request.Path found..." on .NET 4 with requestValidationMode="2.0" and validateRequest="false" set

I'm attempting to circumvent the error message that .NET throws when you try and submit HTML:

A potentially dangerous Request.Form value was detected from the client

Having read the following question, web.config looks like this:

<configuration>
    <system.web>

        <httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters=""/>

        <pages validateRequest="false">
            <namespaces>
                <add namespace="Microsoft.Web.Mvc" />
                <add namespace="System.Web.Mvc" />
                <add namespace="System.Web.Mvc.Ajax" />
                <add namespace="System.Web.Mvc.Html" />
                <add namespace="System.Web.Routing" />
            </namespaces>
        </pages>

    </system.web>
</configuration>

When I type in HTML, I'm still getting the error though. I'm running a .NET 4, MVC 2 application just using the Visual Studio development server.

Upvotes: 4

Views: 1896

Answers (2)

James Johnson

Reputation: 46057

Try doing a clean rebuild on the solution, and if needed close Visual Studio and clear your temporary ASP.NET files. If you have ValidateRequest set to false, then it's probably a caching issue or your DLL is out of sync.

As ajbeaven mentioned, you may also want to try adding the ValidateInput attribute to your controller class.

One of the above suggestions should definitely resolve your issue.

Upvotes: 0

ajbeaven

Reputation: 9562

Ahh, just read a blog here: http://geekswithblogs.net/renso/archive/2011/08/26/a-potentially-dangerous-request-value-was-detected-from-the-client.aspx

It talks of adding another attribute on your actions, [ValidateInput(false)], which, funnily enough, I haven't seen mentioned on any of the similar questions on SO.

I added the attribute to my BaseController, from which all controllers in my application inherit, and it immediately started working.

using System.Web.Mvc;

[ValidateInput(false)]
public class BaseController : Controller
{
    // code here
}

Note: I still needed to include both:

<httpRuntime requestValidationMode="2.0"/>

and

<pages validateRequest="false" />

in the web config.

Upvotes: 3
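An added example, not part of the original posts: because the attribute on a base controller turns request validation off for every action that inherits from it, this sketch applies [ValidateInput(false)] only to the one POST action that has to accept markup, then HTML-encodes the input and restores a small allowlist of tags before display. The controller, action, ViewData key and allowlist are hypothetical, and the web.config settings from the answer above are assumed to be in place.

```csharp
using System.Text;
using System.Web;
using System.Web.Mvc;

// Hypothetical controller; names are illustrative, not from the original posts.
public class CommentController : Controller
{
    // Constructed allowlist: bare tags only, no attributes are ever restored.
    private static readonly string[] AllowedTags = { "b", "i", "em", "strong", "p" };

    // GET: request validation stays enabled here (the MVC default).
    public ActionResult Edit()
    {
        return View();
    }

    // POST: only this action opts out of request validation.
    [HttpPost]
    [ValidateInput(false)]
    public ActionResult Edit(string body)
    {
        ViewData["SafeBody"] = EncodeWithAllowlist(body);
        return View();
    }

    // Encode everything first, then re-enable exact matches of allowlisted tags.
    // Anything else (script tags, attributes, event handlers, unknown or
    // differently-cased tags) stays encoded and renders as inert text.
    internal static string EncodeWithAllowlist(string raw)
    {
        var sb = new StringBuilder(HttpUtility.HtmlEncode(raw ?? string.Empty));
        foreach (var tag in AllowedTags)
        {
            sb.Replace("&lt;" + tag + "&gt;", "<" + tag + ">");
            sb.Replace("&lt;/" + tag + "&gt;", "</" + tag + ">");
        }
        return sb.ToString();
    }
}
```

In the view, write the value with `<%= ViewData["SafeBody"] %>`, since it is already encoded; the .NET 4 `<%: %>` syntax would encode it a second time.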
