MVC 5 - a potentially dangerous Request.Form value was detected by the client

I am developing an MVC5 web application and asking a question regarding user input of HTML data.

I understand that if I want to have HTML code in the model, I can enable data annotation [AllowHtml] and then sanitize the object field.

My question is that for any field of an object that does not have data annotation [AllowHtml], where the user enters some HTML code, is it possible to satisfy this error and not show the Error.cshtml error?

Ideally, I would like to display a validation message in the view before Error.cshtml displays and logs the error.

Is it possible? How can I handle the error before Error.cshtml displays and logs the error?

Thanks in advance.

UPDATE

I have the following function in a file Global.asax:

protected void Application_Error(object sender, EventArgs e)

This function catches my mistakes, for example, when the user goes to a page that does not exist, but http error is located directly in the file Error.cshtml.

How can I change my code so that the function Application_Error catches this error?

I use Elmah for logging and customErrors mode="On"

+4
1 answer

, , HTML. , HTML , . , <, ' > ' <script>, HTML.

. , .

Application_Error Global.asax,

protected void Application_Error()
{
    Exception lastError = Server.GetLastError();
    if (lastError is HttpRequestValidationException)
    {
        //redirect to a static page and show proper error message
    }
}

Elmah, . Elmah ASP.Net.

HandleErrorAttribute App_Start\FilterConfig ( Global.asax) , ​​Web.config:

<customErrors mode="On" defaultRedirect="~/error/" />

, , ,
http://www.hanselman.com/blog/ELMAHErrorLoggingModulesAndHandlersForASPNETAndMVCToo.aspx

+2
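A fuller version of the Application_Error check from the answer above, as an added example that is not the poster's code. It assumes the exception actually reaches Application_Error (no earlier filter has already handled it), and the static page path ~/InvalidInput.html and the helper FindRequestValidationError are hypothetical names chosen for illustration.

```csharp
// Global.asax.cs -- added example; merge into the existing MvcApplication class
// (Application_Start is omitted here).
using System;
using System.Diagnostics;
using System.Web;

public class MvcApplication : HttpApplication
{
    // Hypothetical static page; create it in the site root or change the path.
    private const string InvalidInputPage = "~/InvalidInput.html";

    protected void Application_Error(object sender, EventArgs e)
    {
        Exception lastError = Server.GetLastError();
        HttpRequestValidationException rejected = FindRequestValidationError(lastError);
        if (rejected == null)
        {
            return; // every other error keeps the normal customErrors path
        }

        // Record where the rejected input arrived, not the input itself:
        // the exception message quotes part of the offending value.
        Trace.TraceWarning("Request validation rejected input: path={0} client={1}",
            Request.Path, Request.UserHostAddress);

        Server.ClearError();                        // stop customErrors from taking over
        Response.Clear();
        Response.Redirect(InvalidInputPage, false); // false: no ThreadAbortException
        Context.ApplicationInstance.CompleteRequest();
    }

    // The exception may arrive wrapped (for example in HttpUnhandledException),
    // so walk the InnerException chain instead of testing only the outer type.
    private static HttpRequestValidationException FindRequestValidationError(Exception ex)
    {
        for (Exception current = ex; current != null; current = current.InnerException)
        {
            var match = current as HttpRequestValidationException;
            if (match != null)
            {
                return match;
            }
        }
        return null;
    }
}
```

The static page should show a fixed message and never echo the rejected value back to the browser.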
