A potentially dangerous request.form value was detected from the client Error in MVC C#


I was following the article on adding a rich text editor as explained here (How to use Rich text editor (CKEditor) in MVC), but when I submit CKEditor data to the controller, I get this error:

A potentially dangerous Request.Form value was detected from the client


How can I solve it? And why did I get this error?

Thank you


Asked by:- jon
0
: 83 At:- 6/5/2018 11:53:29 AM
C# ASP.NET MVC CKEditor in MVC






1 Answers
Answered by:- Sam

Reason:

"A potentially dangerous request.form value was detected...." This error occurs in an ASP.NET MVC web application when you are trying to submit a form which has an input textbox or textarea with HTML contents in it.

This is the default behaviour of the application, as ASP.NET implements a validation check on all input so that our web application has basic protection from XSS attacks.

Resolution:

If you want to submit form data with HTML contents, here are the ways to resolve this issue:

  1. Using [AllowHtml] (recommended way)
    You can allow a Model property to accept HTML contents by using the [AllowHtml] attribute for it. Suppose you want to submit form data with HTML in "Description"; then in your Model you can use C# code as below
    // requires: using System.Web.Mvc;
    [AllowHtml]
    public string Description { get; set; }
  2. Another way is to use the [ValidateInput(false)] attribute on your Controller's action method
    [HttpPost]
    [ValidateInput(false)] // turns off request validation for this action only
    public ActionResult SaveDataWithHTML(ClassName cn) {
        //save data here
        return View(cn);
    }

    It will disable the validation by ASP.NET MVC only for the above particular action method. It can be useful when you have multiple Model attributes which allow HTML content.

  3. Another easy way is to disable this validation process. This can be done by setting the below properties in the Web.config file.
    <configuration>
      <system.web>
        <pages validateRequest="false" />
      </system.web>
    </configuration>

    In .NET 4.0, you would have to change one more property.

    <system.web>
      <pages validateRequest="false" />
      <httpRuntime requestValidationMode="2.0" />
    </system.web>

    Note: pages validateRequest="false" opens your web page to Cross Site Injection (XSS) attacks. Use Server.HtmlEncode or some AntiXSS library functions in your C# code to prevent any XSS attack.

Any of the above solutions should help you get rid of the error. Also, I have seen the above-mentioned article; they have already asked to disable validate request to submit form data with CKEditor using the 2nd method which I have told you above.

2
At:- 6/5/2018 3:18:38 PM Updated at:- 6/5/2018 3:19:39 PM
Excellent answer, thank you 0
By : jon - at :- 6/6/2018 10:07:52 AM
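
An added example, not part of the answer above or of the linked article: it combines option 1 with the sanitising step the note calls for, so request validation is relaxed for one property only and the editor HTML is cleaned before it is stored or rendered. It assumes the AntiXSS NuGet package (which provides Microsoft.Security.Application.Sanitizer) is referenced; ArticleModel, ArticleController, Save and the "Details" view are hypothetical names.

```csharp
using System.Web.Mvc;
using Microsoft.Security.Application; // AntiXSS library (assumed to be referenced)

// Hypothetical model: only Description is allowed to carry markup.
public class ArticleModel
{
    // No attribute: ASP.NET request validation still rejects HTML here,
    // so "<b>x</b>" in Title keeps raising the "potentially dangerous" error.
    public string Title { get; set; }

    // Exempts this single property from request validation.
    [AllowHtml]
    public string Description { get; set; }
}

public class ArticleController : Controller
{
    [HttpPost]
    public ActionResult Save(ArticleModel model)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        // Request validation no longer inspects Description, so clean it here.
        // The sanitizer removes script elements and other active content and
        // keeps ordinary formatting markup produced by the editor.
        model.Description =
            Sanitizer.GetSafeHtmlFragment(model.Description ?? string.Empty);

        // Persist the sanitised model here (storage is out of scope).

        return View("Details", model);
    }
}

// In the Razor view:
//   @Model.Title                   -> HTML-encoded by Razor automatically
//   @Html.Raw(Model.Description)   -> rendered as markup; only do this with
//                                     the sanitised value stored above
```

Because the check is per property, this keeps the default protection on every other field of the form, which options 2 and 3 do not.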




