a potentially dangerous request.form value was detected but validateinput(false) not working
Posted
by tonybolding
on Stack Overflow
See other posts from Stack Overflow
or by tonybolding
Published on 2010-03-18T23:08:26Z
Indexed on
2010/03/18
23:11 UTC
Read the original article
Hit count: 171
asp.net-mvc-2
I have installed VS2010 and MVC2 and testing a simple form using tinyMCE. When I post the contents of the textarea in tinyMCE I get the dreaded YSD and the message "a potentially dangerous....." No problem I thought - seen this before so I put the ValidateInput(false) on the controller but no joy - I still get the error.
page code in edit.aspx is: <% using (Html.BeginForm()){ %>
<!-- Gets replaced with TinyMCE, remember HTML in a textarea should be encoded -->
<textarea id="elm1" name="mceText" rows="15" cols="80" style="width: 80%">
<p>
This is some example text that you can edit inside the <strong>TinyMCE editor</strong>.
</textarea>
<br />
<input type="submit" name="save" value="Submit" />
<input type="reset" name="reset" value="Reset" />
<%} %>
and Controller action is:
[AcceptVerbs(HttpVerbs.Post)]
[ValidateInput(false)]
public ActionResult Edit(string mceText)
{
return View();
}
Any thoughts - (I know the code is not complete) been trying this for hours but everyone just says to use ValidateInput(false)
© Stack Overflow or respective owner