Potentially dangerous Request.Form value was detected from the client

asp.net-mvc exception httpwebrequest system.web
tech_human picture tech_human · May 31, 2012 · Viewed 10.4k times · Source

I am running an ASP.Net MVC application and facing the following error. As I am new to ASP.Net, could someone please help me as to what does it mean and how can I resolve it?

I tried googling to understand it, but found different answers for the same error which left me more confused.

Exception caught in Global.asax:System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$WarningCtl1$TXTWarningText="

This is the warni..."). at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) at System.Web.HttpRequest.get_Form() at System.Web.HttpRequest.get_HasForm() at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) at System.Web.UI.Page.DeterminePostBackMode() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequest(HttpContext context) at ASP.app_config_appttypes_groupappttypes_aspx.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Please suggest.

Answer

Jim D'Angelo picture Jim D'Angelo · May 31, 2012

You need to add the ValidateInputAttribute to your controller (which applies it to all of your action methods for that controller, so be careful):

[ValidateInput (false)]
public class MyController : Controller { ... }

Or your action method:

public class MyOtherController : Controller
{
    [ValidateInput (false)]
    public ActionResult MyActionMethod (MyObjectThatTakesInHtml myObject)
    { ... }
}

Edit

As @dotjoe pointed out, and I forgot to mention, you also have access to the AllowHtmlAttribute (found in System.Web.Mvc) on a property in your model.

public class MyObjectThatTakesInHtml
{
    [AllowHtml]
    public string MyHtmlProperty { get; set; }
}

Related questions

MaxJsonLength exception in ASP.NET MVC during JavaScriptSerializer

In one of my controller actions I am returning a very large JsonResult to fill a grid. I am getting the following InvalidOperationException exception: Error during serialization or deserialization using the JSON JavaScriptSerializer. The length of the string exceeds the …

Read More
Why is this code throwing an InvalidOperationException?

I think that my code should make the ViewBag.test property equal to "No Match", but instead it throws an InvalidOperationException. Why is this? string str = "Hello1,Hello,Hello2"; string another = "Hello5"; string retVal = str.Split(",".ToCharArray(), StringSplitOptions.RemoveEmptyEntries) .First(…

Read More
I'm getting a "Does not implement IController" error on images and robots.txt in MVC2

I'm getting a strange error on my webserver for seemingly every file but the .aspx files. Here is an example. Just replace '/robots.txt' with any .jpg name or .gif or whatever and you'll get the idea: The controller …

Read More