A potentially dangerous Request.Form value was detected from the client

I am running an ASP.Net MVC application and am facing the following error. Since I am new to ASP.Net, can someone help me with what it means and how I can solve it?

I tried googling to figure this out, but found different answers for the same error that left me more confused.

Exception in Global.asax: System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$WarningCtl1$TXTWarningText = " This is a warning ... ").
    at System.Web.HttpRequest.ValidateString (String value, String collectionKey, RequestValidationSource requestCollection)
    at System.Web.HttpRequest.ValidateNameValueCollection (NameValueCollection nvc, RequestValidationSource requestCollectionHttp. )
    at System.Web.HttpRequest.get_HasForm ()
    at System.Web.UI.Page.GetCollectionBasedOnMethod (Boolean dontReturnNull)
    at System.Web.UI.Page.DeterminePostBackMode ()
    at System.Web.UI.Page.ProcessRequestainain , Boolean includeStagesAfterAsyncPoint)
    at System.Web.UI.Page.ProcessRequest (Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
    at System.Web.UI.Page.ProcessRequest ()
    at System.Web.UI.Page.ProcessRequest (context). app_config_appttypes_groupappttypes_aspx.ProcessRequest (HttpContext context)
    at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute ()
    at System.Web.HttpApplication.ExecuteStep (IExecutionStep step, Boolean& completedSynchronously)

Please advise.

+6
3 answers

You need to add the ValidateInputAttribute to your controller (which applies it to all your action methods for that controller, so be careful):

    using System.Web.Mvc;

    // Disables request validation for every action in this controller.
    [ValidateInput(false)]
    public class MyController : Controller
    {
        ...
    }

Or your action method:

    public class MyOtherController : Controller
    {
        // Disables request validation for this action only.
        [ValidateInput(false)]
        public ActionResult MyActionMethod(MyObjectThatTakesInHtml myObject)
        {
            ...
        }
    }

Edit

As @dotjoe noted, and I forgot to mention, you also have access to the AllowHtmlAttribute (found in System.Web.Mvc) on the property in your model.

    public class MyObjectThatTakesInHtml
    {
        // Skips request validation for this property only.
        [AllowHtml]
        public string MyHtmlProperty { get; set; }
    }
+8
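With [ValidateInput(false)] or [AllowHtml] in place, the raw markup reaches the action unchecked, so the application has to neutralise it before it is rendered. One way to do that, as an added example that is not part of the original answer (the SafeHtml class, its Sanitize method and the tag allow-list are assumptions made for illustration):

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

// Added example, not code from the answer. Assumes the value comes from a
// model property marked [AllowHtml], i.e. it arrives without request validation.
public static class SafeHtml
{
    // Hypothetical allow-list: attribute-free formatting tags only.
    // The pattern runs over already-encoded text, so it matches "&lt;b&gt;".
    private static readonly Regex AllowedTag = new Regex(
        @"&lt;(/?)(b|i|em|strong|p|ul|ol|li)&gt;|&lt;(br)\s*/?&gt;",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    // Encode everything first, then restore only the exact allow-listed tags.
    // Tags with attributes, unknown tags and scripts stay encoded as text.
    public static string Sanitize(string untrusted)
    {
        if (string.IsNullOrEmpty(untrusted)) return string.Empty;
        string encoded = WebUtility.HtmlEncode(untrusted);
        return AllowedTag.Replace(encoded, m =>
            m.Groups[3].Success
                ? "<br>"
                : "<" + m.Groups[1].Value + m.Groups[2].Value.ToLowerInvariant() + ">");
    }

    public static void Main()
    {
        // Constructed sample inputs.
        string[] samples =
        {
            "<p>This is a <b>warning</b></p>",   // allow-listed tags survive
            "<p onclick=\"x()\">text</p>",       // attribute present: stays encoded
            "<script>alert(1)</script>",         // not on the list: stays encoded
            "&lt;b&gt; typed by the user",       // pre-encoded text is not revived
            "a < b && c > d"                     // plain text with special characters
        };
        foreach (string s in samples)
            Console.WriteLine(Sanitize(s));
    }
}
```

Call Sanitize on the [AllowHtml] property before storing it or rendering it with Html.Raw; all other properties keep the default request validation.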
  • Encode at the client level and decode it at the server level

Steps

1. Post the form using the jQuery submit method.

In the jQuery button click method, encode the field that you want to send to the server. Example:

    // Encode the field value, then submit the form.
    $("#field").val(encodeURIComponent($("#field").val()));
    $("#formid").submit();

At the controller level, access all form id values using

 HttpUtility.UrlDecode(Request["fieldid"]) 

Make sure the controller does not have a parameter.

+3

MVC

Added action attribute [ValidateInput(false)]

and confirm the setting in web.config in system.web

-1

Source: https://habr.com/ru/post/917123/

