I am getting the error
A potentially dangerous Request.Form value was detected from the client
when I deploy my application (the error does not happen when I run via localhost).
It occurs when submitting a form, because one of the fields contains HTML. I have added [AllowHtml] around the property in the model that corresponds to the offending form-field, but this does not seem to work.
I would rather not use [ValidateInput(false)] on the action method for obvious reasons, and at any rate, that doesn't seem to work either.
Is there any other configuration I need to be doing? I have read that adding
<httpRuntime requestValidationMode="2.0"/>
to the web config file could fix it, but again I don't want to add that because I still want secure validation for other parts of my application.
Any ideas?