I have a form with the wmd editor on it. The input text area is rendered using:
<%: Html.TextAreaFor(t => t.NewsBody, new{@class="wmd-panel", id="wmd-input"}) %>
Every time I submit the form I get A potentially dangerous Request.Form value was detected from the client
I tried setting [ValidateInput(false)] on the action method, I tried adding
to the web.config and I've tried
<httpRuntime requestValidationMode="2.0" />validateRequest="false"
in the pages directive in web.config but it's still happening.
Any ideas?
Edit
Action method:
[ILFFAuthorize(Roles = "Admin")] // this is a custom auth attrobite
[HttpPost]
[ValidateInput(false)]
public ActionResult AddNews(FormCollection col){
//public ActionResult AddNews(News news)
//{
if (ModelState.IsValid)
{
News news = new News();
news.NewsDate = DateTime.Now;
news.NewsPosterId = 0;
news.NewsTitle = col["NewsTitle"];
news.NewsBody = col["NewsBody"];
newsRepository.Add(news);
newsRepository.Save();
return RedirectToAction("Index", "Home");
}
else
{
return View();
}
}
Best Answer
You need to place this on top of your
[HttpPost]
action methodIf you are using MVC3 then you should't use
[ValidateInput(false)]
but use[AllowHtml]
which is explained here: http://dailydotnettips.com/2011/08/24/how-to-allow-user-to-input-html-in-asp-net-mvc/also: try putting
[ValidateInput(false)]
above your[HttpPost]
not under, As I remember, these get executed top to bottom.