-1

I am trying to update (using a PUT operation) a Sitecore item with a 'Rich Text' field with the Sitecore ItemWebApi 1.2. I am running into an issue with the server saying

"A potentially dangerous Request.Form value was detected from the client"

I could do the validateRequest=false in the web.config. But that will disable the validation for all requests, which is not ideal. Is there a way to save HTML text using ItemWebApi without using validateRequest=false? It seems for aspx pages you could use @Page. Not sure where something like that could be configured in this case.

RobertoBr
Kalyan
  • validateRequest=false is a good idea, you don't want to show an error page if a customer submits a form of whatever and uses, without evil intentions, a potentially dangerous string. Of course don't allow XSS, escape HTML characters. – Jan Bluemink Mar 02 '15 at 14:12

2 Answers

2

Maybe you have already figured out the answer for yourself, but in the interest of our fellow community I am posting the answer here.

Actually, I myself got stuck on this similar issue last week, but because of your question I found the solution. By default, Sitecore nowadays comes with

<pages validateRequest="false">

but it is not effective unless we do the following

<httpRuntime requestValidationMode="2.0"/>

It is also indicated in a Sitecore KB article and in another Stack Overflow answer.

Regards, Vishal Gupta

Community
Vishu
0

I did double escaping on the client before sending to the server and double unescaped with a custom Item Web API processor to essentially achieve the same effect for this one AJAX call. This way, I did not have to turn off validation application-wide and had to add the validateRequest=true on all pages. Turning off default HTML validation would also mean every other developer on our team needs to be aware that HTML validation is turned off and they have to add special XML on top to enable it. Someone missing that will make our site insecure.

Kalyan
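The double escaping described in the answer above, modelled in JavaScript as an added example (not code from the post or from Sitecore). All function names are hypothetical, `looksDangerous` is a simplified model of the ASP.NET request-validation check, and "double escaping" is assumed to mean two rounds of `encodeURIComponent`.

```javascript
// Added illustration; every name here is hypothetical.

// Simplified model of ASP.NET request validation: reject a value that
// contains "<" followed by a letter, "!", "/" or "?", or the sequence "&#".
function looksDangerous(value) {
  return /<[a-zA-Z!\/?]/.test(value) || /&#/.test(value);
}

// Client side: escape the Rich Text HTML twice before placing it in the form body.
function encodeForTransport(html) {
  return encodeURIComponent(encodeURIComponent(html));
}

// What the server does by itself when parsing a form-encoded body:
// one round of URL decoding. Request validation inspects this value.
function serverFormDecode(wireValue) {
  return decodeURIComponent(wireValue.replace(/\+/g, " "));
}

// The custom processor's extra step: undo the second layer of escaping.
// Returns null for malformed percent-sequences so the caller can reject them.
function processorDecode(formValue) {
  try {
    return decodeURIComponent(formValue);
  } catch (e) {
    return null;
  }
}

// Follow one field value from the client to the stored item.
function roundTrip(html) {
  const wire = encodeForTransport(html);
  const seenByValidation = serverFormDecode(wire);
  return {
    wire,
    seenByValidation,
    flagged: looksDangerous(seenByValidation),
    stored: processorDecode(seenByValidation),
  };
}

// Constructed sample field value.
const sample = '<p class="intro">Tom &amp; Jerry &#169; 50% off + more</p>';
const result = roundTrip(sample);
console.log(result.flagged, result.stored === sample);
```

The value returned as `stored` is raw HTML that request validation never inspected, so it needs the same sanitizing and output encoding as any other user-supplied markup.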