Troubleshoot
A potentially dangerous Request.Form value was detected from the client
One of the error I am getting when performing a form post with HTML tags in .Net.
Solutions
Web.config
One of the StackOverflow 150+ voted answer was this.
<httpRuntime requestValidationMode="2.0" />
Put this in the Web.config and it will work. It is not my taste to change a site wide config for a form post though. I potentially want to block all other requests that post potentially dangerous HTML tags but except my Simple method.
ValidateInput = false
One of the simple solution available on the net is this. Set ValidateInput to false.
This works, but it potentially allowing the post not to check validation. I think I can still do better!!
AllowHtml
Potentially, I am setting AllowHtml attribute to a field that I would allow html. Everything else stay away.
No comments:
Post a Comment