find a location for property in a new city

Wednesday, 14 April 2010

Potentially dangerous request .NET4 upgrade

I encountered an error after upgrading to ASP.NET 4 from 3.5 whereby my page was throwing an HttpRequestValidationException error. With error message "A potentially dangerous Request.Form value was detected from the client". This problem DID NOT occur before on this page that uses a TinyMCE rich text editor.

This page is sending dangerous requests since it is using a rich text editor that post HTML. This was worked around before by putting ValidateRequest="false" in the page declaration.

This seems to be ignored now in .NET4! Really I should be changing TinyMCE to be posting BBCode and replacing it with proper HTML on the server... but... I'm not since this is only for trusted internal users... and I can't be bothered ;)

Workaround

requestValidationMode="2.0" needs to be added to the httpRuntime element of the <system.web> section of the web.config.

Follow britishdev on Twitter

2 comments:

  1. That what I was looking for.
    Thx dude !

    ReplyDelete
  2. Cheers mate. Makes it all worth while.

    ReplyDelete