Geeks With Blogs
Bob Palmer's Developer Blog .NET, SQL, and Silverlight Development

This was definitely one of those facepalm moments, where you spend a couple of hours beating on an issue then find out it's one line of code - so hopefully folks googling the same things I did will hit on this and have a solution.

Short version - if you need to HTTP post to your controller from an HTML form, and one of your fields has embedded HTML text (in my case, it was a nifty WYSIWYG text editor), you will get a very nasty error that looks something like this:

A potentially dangerous Request.Form value was detected from the client (PostText="TEST<br>TEST<br>TEST").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

Googling will reveal suggestions to add the page directive 'ValidateRequest="false"'.  This is pretty much moot with MVC since it sets this globally to false - yet the problem will still occur.

The solution is incredibly simple.  If you need to push through unencoded HTML to your controller, you just need to add the [ValidateInput(false)] attribute to the action you're using for posting - for example:

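[AcceptVerbs(HttpVerbs.Post)]
[ValidateInput(false)] // turns off request validation for this action only
public ActionResult Topic(Post postToCreate)
{
    // some stuff (the posted HTML arrives here unvalidated and unencoded)
}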
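
With request validation off for the action, the application has to do the input checking the error message recommends. The following is an added example, not code from the original post: it encodes the whole field and then restores only a fixed set of attribute-free tags. The Post class shape, the ForumController and PostHtml names, the redirect target and the tag list are assumptions.

```csharp
using System.Text.RegularExpressions;
using System.Web;      // HttpUtility
using System.Web.Mvc;

// Assumed shape of the model; the post only shows the PostText form field.
public class Post { public string PostText { get; set; } }

public static class PostHtml   // hypothetical helper, not part of ASP.NET MVC
{
    // Encoded forms of the only tags allowed back in. None may carry
    // attributes, so event handlers, style and href/src cannot survive.
    private static readonly Regex AllowedTag = new Regex(
        @"&lt;(/?)(b|i|u|em|strong|p|ul|ol|li|blockquote)&gt;|&lt;(br)\s*/?&gt;",
        RegexOptions.IgnoreCase);

    public static string Sanitize(string rawHtml)
    {
        if (string.IsNullOrEmpty(rawHtml)) return string.Empty;
        // 1. Normalise entities the editor already emitted (&nbsp;, &amp;),
        //    then encode everything: no raw '<' or '>' remains after this.
        string encoded = HttpUtility.HtmlEncode(HttpUtility.HtmlDecode(rawHtml));
        // 2. Restore only exact matches of allow-listed, attribute-free tags.
        return AllowedTag.Replace(encoded, m =>
            m.Groups[3].Success
                ? "<br />"
                : "<" + m.Groups[1].Value + m.Groups[2].Value.ToLowerInvariant() + ">");
    }
}

public class ForumController : Controller   // hypothetical controller name
{
    // When MVC 1 or 2 runs on ASP.NET 4, [ValidateInput(false)] also needs
    // <httpRuntime requestValidationMode="2.0" /> in web.config.
    [AcceptVerbs(HttpVerbs.Post)]
    [ValidateInput(false)]
    public ActionResult Topic(Post postToCreate)
    {
        // Sanitize before the value is stored or rendered anywhere.
        postToCreate.PostText = PostHtml.Sanitize(postToCreate.PostText);
        // ... persist postToCreate here ...
        return RedirectToAction("Index");   // hypothetical target action
    }
}
```

Only the sanitized PostText should be written to the view unencoded; every other field keeps Html.Encode.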

Enjoy!

Posted on Tuesday, December 29, 2009 9:05 AM


Comments on this post: MVC tip - Dealing with 'A potentially dangerous Request.Form value was detected from the client'

# re: MVC tip - Dealing with 'A potentially dangerous Request.Form value was detected from the client'
The error remains, I have no more ideas to remove this bug off of my MVC website... I'm using a jquery plugin for HTML edition on the view and the controller has the ValidateInput(false) decoration. (MVC 1.0)
Left by Andres Urena on Jun 18, 2010 4:59 PM


# re: MVC tip - Dealing with 'A potentially dangerous Request.Form value was detected from the client'
The error still remains for me also. Anybody with another alternative?
Left by Oseroke on Jun 19, 2013 8:53 AM


Copyright © BobPalmer | Powered by: GeeksWithBlogs.net