requestvalidationmode="2.0" validaterequest="false" in web.config not working

9
votes

I'm looking for a bit of help as this is now driving me crazy.

I have a tinyMCE text editor on my page which is populated with content which is already stored in the database as html.

eg. <p>first paragraph</p> <p>second paragraph</p> etc, etc with no problems there.

but when I make a change in the editor and then try to update the content in the database I get the error potentially dangerous request.form value was detected from the client

I made all the recommended changes in the web.config

  • requestvalidationmode="2.0"
  • validaterequest="false"

But still get the potentially dangerous request.form value was detected from the client error. This is happening in .NET 4.0 any help/advice would be great.

4
c#.netasp.net.net-4.0
see this stackoverflow.com/questions/3072950/…V4Vendetta

4 Answers

7
votes

I wouldn't even try to enable this on a site-wide level in the web.config file - just do it per page, when you know specifically input data is safe:

<%@ Page ... ValidateRequest="false" %>

You can use an Umbraco control exposed specifically for this purpose from within a Template as such:

<umbraco:DisableRequestValidation runat="server" />
5
votes

You have to post the section of web.config,

It should be,

<system.web>
    <compilation debug="true" targetFramework="4.0" />
    <httpRuntime requestValidationMode="2.0" />
</system.web>
3
votes

There was similar topic already.

ValidateRequest="false" doesn't work in Asp.Net 4

Hope this will help.

1
votes

Add this line in your web.config file.

  <pages  validateRequest="false"></pages>