"A potentially dangerous Request.Path found..." on .NET 4 with requestValidationMode="2.0" and validateRequest="false" set

Question

I'm attempting to circumvent the error message that .NET throws when you try and submit HTML:

A potentially dangerous Request.Form value was detected from the client

Having read the following question, web.config looks like this:

<configuration>
    <system.web>

        <httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters=""/>

        <pages validateRequest="false">
            <namespaces>
                <add namespace="Microsoft.Web.Mvc" />
                <add namespace="System.Web.Mvc" />
                <add namespace="System.Web.Mvc.Ajax" />
                <add namespace="System.Web.Mvc.Html" />
                <add namespace="System.Web.Routing" />
            </namespaces>
        </pages>

    </system.web>
</configuration>

When I type in HTML, I'm still getting the error though. I'm running a .NET 4, MVC 2 application just using the Visual Studio development server.

score 3 · Accepted Answer · answered Oct 26 '11 at 21:03

Ahh, just read a blog here: http://geekswithblogs.net/renso/archive/2011/08/26/a-potentially-dangerous-request-value-was-detected-from-the-client.aspx

It talks of adding another attribute on your actions, [ValidateInput(false)], which funnily enough, I haven't seen mentioned on any of the similar questions on SO.

I added the attribute to my BaseController, of which all controllers in my application inherit from and it immediately started working.

[ValidateInput(false)]
public class BaseController : Controller
{
    // code here
}

Note: I still needed to include both:

<httpRuntime requestValidationMode="2.0"/>

and

<pages validateRequest="false" />

in the web config.

score 0 · Answer 2 · answered Oct 26 '11 at 21:10

Try doing a clean rebuild on the solution, and if needed close visual studio and clear your temporary ASP.NET files. If you have ValidateRequest set to false, then it's probably a caching issue or your DLL is out of sync.

As ajbeaven mentioned, you may also want to try adding the ValidateInput attribute to your controller class.

One of the above suggestions should definitely resolve your issue.

"A potentially dangerous Request.Path found..." on .NET 4 with requestValidationMode="2.0" and validateRequest="false" set

2 Answers2