a potentially dangerous request.form value was detected but validateinput(false) not working

Posted by tonybolding on Stack Overflow See other posts from Stack Overflow or by tonybolding
Published on 2010-03-18T23:08:26Z Indexed on 2010/03/18 23:11 UTC
Read the original article Hit count: 171

Filed under:

I have installed VS2010 and MVC2 and testing a simple form using tinyMCE. When I post the contents of the textarea in tinyMCE I get the dreaded YSD and the message "a potentially dangerous....." No problem I thought - seen this before so I put the ValidateInput(false) on the controller but no joy - I still get the error.

page code in edit.aspx is: <% using (Html.BeginForm()){ %>

<!-- Gets replaced with TinyMCE, remember HTML in a textarea should be encoded -->
<textarea id="elm1" name="mceText" rows="15" cols="80" style="width: 80%">
    &lt;p&gt;
        This is some example text that you can edit inside the     &lt;strong&gt;TinyMCE editor&lt;/strong&gt;.
</textarea>

<br />
<input type="submit" name="save" value="Submit" />
<input type="reset" name="reset" value="Reset" />

<%} %>

and Controller action is:

    [AcceptVerbs(HttpVerbs.Post)]
    [ValidateInput(false)]
    public ActionResult Edit(string mceText)
    {

        return View();
    }

Any thoughts - (I know the code is not complete) been trying this for hours but everyone just says to use ValidateInput(false)

© Stack Overflow or respective owner

Related posts about asp.net-mvc-2