A potentially dangerous Request.Form value was detected from the client

1

this is the exception

System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$ContentPlaceHolder1$txtCodeFormate="<a href="%%strpath%%...").
   at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.get_Form()
   at System.Web.HttpRequest.get_HasForm()
   at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull)
   at System.Web.UI.Page.DeterminePostBackMode()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at ASP.ccadmin_cms_setup_aspx.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Till now I've tried following options,

 <httpRuntime targetFramework="4.5" requestValidationMode="2.0" />
 <pages validateRequest="false" enableEventValidation="false"></pages>

FYI, its working fine in local, but when I deploy it on server its not working properly, Do I need to work on something at IIS ?

asp.net
asp.net-mvc
web-applications
asked on Stack Overflow Nov 12, 2014 by Mox Shah

1 Answer

4

I believe your question with all options answered here.

Have you tried the following after you modify Web.config?

Option 1: On the model add this attribute to each property that you need to allow HTML - best choice

[AllowHtml]

Option 2: On the controller action add this attribute to allow all HTML

[ValidateInput(false)]
answered on Stack Overflow Nov 12, 2014 by teo van kot • edited Nov 13, 2018 by teo van kot

User contributions licensed under CC BY-SA 3.0