A potentially dangerous request.form value was detected from the client Error in MVC C#

I was following the article of adding rich text editor as explained here (How to use Rich text editor (CKEditor) in MVC), but when I am submitting CKEditor data to the controller, I am getting this error 

A potentially dangerous Request.Form value was detected from the client


How can I solve It? And why I got this error?

Thank you

Asked by:- jon
: 1490 At:- 6/5/2018 11:53:29 AM

1 Answers
profileImage Answered by:- Sam


"A potentially dangerous request.form value was detected...."This error occurs in ASP.NET MVC web-application, when you are trying to submit a form which has input textbox or textarea with HTML contents in it.

This behaviour of application is by default as ASP.NET implements a validation check on all input so that our web application has a basic protection from XSS attacks.


If you want to submit form data with HTML contents, here are the ways to resolve this issue:

  1. Using [AllowHTML] (recommended way)
    You can allow Model property to attach HTML contents using [AllowHTML] attribute fot it, suppose you want to submit form data with HTML in "Description", then in your Model you can use C# code as below
    public string Description { get; set; }?
  2. Another way is to use [ValidateInput(false)] attribute in your Controller's ActionMethod
    public ActionResult SaveDataWithHTML(ClassName cn) {
        //save data here

    it will disable the validation by ASP.Net MVC  only for the above particular Action method, it can be useful when you have multiple Model attributes which allows HTML content.

  3. There is another easy way is to disable this validation process. This can be done by setting the below properties in the Web.config file.
        <pages validateRequest="false" /> 

    In .NET 4.0, you would have to change one more property.

        <pages validateRequest="false" />  
        <httpRuntime requestValidationMode="2.0"/>
    Note: pages validateRequest="false" opens your web page to Cross Site Injection (XSS) attacks. Use Server.HtmlEncode or some AntiXSS libarary functions in your C# code to prevent any XSS attack.

Any of the above solution should help you, to get rid of the error, also, I have seen the above mentioned article also, they have already asked to disable validate request to submit form data with CKEditor using the 2nd method which I have told you above.

At:- 6/5/2018 3:18:38 PM Updated at:- 6/5/2018 3:19:39 PM
Excellent answer, thank you 0
By : jon - at :- 6/6/2018 10:07:52 AM

Login/Register to answer
Register directly by posting answer/details

Full Name *

Email *

By posting your answer you agree on privacy policy & terms of use

Subscribe Now

Subscribe to our weekly Newsletter & Keep getting latest article/questions in your inbox weekly