I am using Master Pages in an ASP.NET MVC app that lets you submit HTML data as part of a form. Even when I set
<%@ Page ValidateRequest="false" %>
Or set
<pages validateRequest="false">
...
</pages>
in my web.config file i still get the same error:
A potentially dangerous Request.Form value was detected from the client…
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.
I am using ASP.NET Master Pages within an MVC app.
Any thoughts? See this related question.
Best Answer
In asp.net MVC validation occurs at the controller level rather than page, applying attribute [ValidateInput(false)] to the controller action should help