I was following the article on adding a rich text editor as explained here (How to use Rich text editor (CKEditor) in MVC), but when I submit CKEditor data to the controller, I get this error:
A potentially dangerous Request.Form value was detected from the client
How can I solve it? And why did I get this error?
Thank you
"A potentially dangerous request.form value was detected...." This error occurs in an ASP.NET MVC web application when you are trying to submit a form which has an input textbox or textarea with HTML contents in it.
This is the application's default behaviour, as ASP.NET implements a validation check on all input so that our web application has basic protection from XSS attacks.
If you want to submit form data with HTML contents, here are the ways to resolve this issue:
[AllowHtml]
public string Description { get; set; }
[HttpPost]
[ValidateInput(false)]
public ActionResult SaveDataWithHTML(ClassName cn) {
//save data here
}
It will disable the validation by ASP.NET MVC only for the above particular Action method; it can be useful when you have multiple Model attributes which allow HTML content.
<configuration>
<system.web>
<pages validateRequest="false" />
</system.web>
</configuration>
In .NET 4.0, you would have to change one more property.
<system.web>
<pages validateRequest="false" />
<httpRuntime requestValidationMode="2.0"/>
</system.web>
Note: pages validateRequest="false" opens your web page to Cross Site Injection (XSS) attacks. Use Server.HtmlEncode or some AntiXSS library functions in your C# code to prevent any XSS attack.
Any of the above solutions should help you get rid of the error. Also, I have seen the above-mentioned article; they have already asked to disable validate request to submit form data with CKEditor using the 2nd method which I have told you above.
If you want to resolve this issue in ASP.NET web-Forms, page wide, you can use the below code in Web.Config
<configuration>
<location path="YourFolder/.aspx">
<system.web>
<pages validateRequest="false" />
<httpRuntime requestValidationMode="2.0" />
</system.web>
</location>
</configuration>
The above code will allow you to use markup as input for specific pages instead of the whole site by putting it all in a <location> element.
OR
Using the asp:TextBox control (ASP.NET 4.5), instead of setting validateRequest="false" for the whole page, you can use
<asp:TextBox runat="server" ID="mainTextBox" ValidateRequestMode="Disabled"></asp:TextBox>
on the textbox only.
In ASP.NET MVC
You can exclude a specific input field from HTML input checking, as below
[HttpPost, ValidateInput(true, Exclude = "ExcludeYourFieldName")]
public ActionResult SaveFormValues(int id, FormCollection collection)
{
//your code here
}
In the controller, you can also try the code below for unvalidated values
HttpRequestBase request = controllerContext.HttpContext.Request;
string re = request.Unvalidated.Form.Get("YourKey");
So, if you have already created request.form in C# code, replace all instances of Request.Params.AllKeys with Request.Unvalidated.Form.AllKeys and all instances of Request[key] with Request.Unvalidated.Form[key].
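The narrowest option from the answers above, [AllowHtml] on a single property, combined with allow-list sanitizing of the submitted markup before it is stored: this is an added example, not part of either answer. It assumes ASP.NET MVC 5 and the third-party HtmlSanitizer NuGet package (namespace Ganss.Xss); ArticleModel, ArticleController and the in-memory store are hypothetical names.

```csharp
// Added example, not code from the answers above. Assumes ASP.NET MVC 5 and the
// third-party HtmlSanitizer NuGet package (namespace Ganss.Xss; Ganss.XSS in older
// releases). ArticleModel, ArticleController and the in-memory store are hypothetical.
using System.Collections.Concurrent;
using System.Web.Mvc;
using Ganss.Xss;

public class ArticleModel
{
    public int Id { get; set; }
    public string Title { get; set; }        // plain text: request validation still applies

    [AllowHtml]                              // only the CKEditor field bypasses validation
    public string Description { get; set; }
}

public class ArticleController : Controller
{
    // Stand-in for a database so the example is complete.
    private static readonly ConcurrentDictionary<int, ArticleModel> Store =
        new ConcurrentDictionary<int, ArticleModel>();

    [HttpPost]
    public ActionResult Save(ArticleModel model)
    {
        // Allow-list sanitizing: tags, attributes and URL schemes outside the
        // sanitizer's lists (script, on* handlers, javascript: links) are dropped.
        var sanitizer = new HtmlSanitizer();
        sanitizer.AllowedTags.Remove("form");     // editor content needs no forms
        sanitizer.AllowedTags.Remove("input");
        model.Description = sanitizer.Sanitize(model.Description ?? string.Empty);

        Store[model.Id] = model;                  // store only the sanitized markup
        return RedirectToAction("Details", new { id = model.Id });
    }

    public ActionResult Details(int id)
    {
        ArticleModel model;
        if (!Store.TryGetValue(id, out model)) return HttpNotFound();
        // In Details.cshtml: @Model.Title is HTML-encoded by Razor;
        // @Html.Raw(Model.Description) emits the sanitized markup as HTML.
        return View(model);
    }
}
```

Because only Description carries [AllowHtml], a Title containing markup still triggers the "potentially dangerous Request.Form value" error, which is the intended behaviour for a plain-text field.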