The ValidateInput (false) and AllowHtml attributes still cause "a potentially dangerous Request.Form value has been detected"

Question

The ValidateInput (false) and AllowHtml attributes still cause "a potentially dangerous Request.Form value has been detected"

I have on my model:

public class EmailTemplateModel
{
    public int EmailTemplateId { get; set; }

    [Required]
    public string Name { get; set; }
    [Required]
    public string Subject { get; set; }

    [AllowHtml]
    [Required]        
    public string Content { get; set; }
}

And on my controller:

[ValidateInput(false)]
public ActionResult AddNewTemplate(EmailTemplateEditorModel model)
{
}

But I get the following error:

The potentially dangerous Request.Form value was detected by the client

Why am I getting these errors, although this check should be disabled using the ValidateInput / AllowHtml attributes? If you look at other posts, it is unclear if I need both or only one of these attributes ...

+5

asp.net-mvc

jaffa Oct 25 '11 at 12:43

source share

1 answer

skolima · Accepted Answer · 2011-10-25T12:48:05+0000

You need to add

<httpRuntime requestValidationMode="2.0" />

web.config. . ASP.Net 4.0 . , 3.5 4.0. , MVC .

The ValidateInput (false) and AllowHtml attributes still cause "a potentially dangerous Request.Form value has been detected"

More articles: