I know that there are many posts in this thread, but no matter how hard I try (using the details in such posts), I cannot completely remove the query check from MVC 3.
As an ugly but simple test, I followed these steps: -
- Open VS and create a new sample MVC3 Internet application.
- Above each of my actions with the controller, I placed the [ValidateInput (false)] attribute.
- Edit the root web.config file to
<httpRuntime requestValidationMode="2.0" />be in the section <system.web />.
While this means that I can submit forms with a type thing <script>in a field, I still cannot decide how to allow Request.Paths, for example http://localhost/MySampleApp/Account/LogOn<script>.
If I call such a URL, I still get ". A potentially dangerous Request.Path value was found at the client (<)."
Does anyone know how to REALLY remove all request validation in MVC 3 on .Net 4.0?
Many thanks,
source
share