I would like to intercept the "<" character in the form field by a regex validator. I will describe the problem in 3 steps:
Step 1: When I try to submit a form with a field containing the "<" character, I get the "Potentially dangerous request…" – as expected in ASP.NET.
Step 2: To avoid ASP.NET's RequestValidation, I decorate my Update method in the controller with "[ValidateInput(false)]".
It works as expected – now I can post the "<" character without error.
Step 3: I use xVal with DataAnnotations. For example, [Required] or [StringLength(255)] works as expected.
BUT when I use:
[RegularExpression("^[^<>]*$", ErrorMessage = "Special characters are not allowed.")], I get the "Potentially dangerous request…" error again, despite the [ValidateInput(false)] directive.
What's happening? Is there a simpler way for regex validation, but with [ValidateInput(false)] in place? Of course, I'd like to have my validation code in the model, not in the controller.
Best Answer
Looks like the bot keeps on pushing this one to the top still. Could you mark an answer as accepted so that it knows?