A potentially dangerous Request.Form value was detected from the client

asp.net-mvc ckeditor ckfinder
Dofs picture Dofs · Jan 7, 2011 · Viewed 13.5k times · Source

I am using CKEditor/CKFinder as wysiwyg editor on my MVC.NET site.

I have set [ValidateInput(false)] and it works when debugging it locally, but I receive the following error when I have published the site:

A potentially dangerous Request.Form value was detected from the client (message="<p>
<em>Testing</e...").

can anyone explain why the published site is different from the locally site, especially when I have set [ValidateInput(false)]?

*Update:*I am using .Net 3.5 so shouldn't [ValidateInput(false)] work out the box?

Answer

Catch22 picture Catch22 · Jan 18, 2011

Have you tried setting the htmlEncodeOutput property?

CKEDITOR.replace('editor1', {
    htmlEncodeOutput: true });

This should encode the output and you should be able to avoid setting the requestValidationMode.

Documentation for it is here: ckEditor documentation

Related questions

CKEditor Image Upload

I am looking to include CKEditor in a project I am working on and I need the image upload support provided by the CKFinder plugin, however I do not particularly need the rest of the CKFinder tool and thus purchasing …

Read More
How to integrate CKEditor into Asp.net MVC

Saw this post at CodeProject for FCKEditor. Can someone explain what about the new version?

Read More
CKEditor and ASP.Net MVC 3 RequiredAttribute

I've integrated CKEditor 3 (formerly FCKEditor) into my asp.net MVC (v3 to be specific) application. I have a RequiredAttribute in my model for the field that needs the editor but the client side validation doesn't work correctly with CKEditor. When …

Read More