I can't turn off Request Validation for an ASP.NET MVC Controller

StackOverflow https://stackoverflow.com/questions/1110452

Question

I am trying to turn off Request Validation for all action methods in a controller by doing this:

[ValidateInput(false)]
public class MyController : Controller
{
    ...

The reference I am using says this is possible and tells me to do it this way, but for some reason it's not working.

If I submit any html (even a simple <b> tag) through a text box, I get the error:

A potentially dangerous Request.Form value was detected from the client (text=<b>").

It's also not working by attaching the attribute to an individual method.

How can I disable Request Validation for a controller?

EDIT

I am working in VS2008 built in test server.

Was it helpful?

Solution

I tested it on my machine, on both the class definition and the action method, and it worked for me in both cases. Are you sure your view lines up with your method/controller? Are you putting the attribute on the GET method or the POST method?

[AcceptVerbs(HttpVerbs.Post)]
[ValidateInput(false)]   
public ActionResult MyAction (int id, string content) {   
    // ...   
}

OTHER TIPS

To make it working you need to modify web.config as well:

<system.web>
    <httpRuntime requestValidationMode="2.0"/>
    ...
</system.web>

Pro ASP.NET MVC Framework (p466) says the following is supposed to work:

public class MyController : Controller 
{
     public MyController() {
        ValidateRequest = false;
     }
}

Can you post your controller file and your view file.

This works;

MytestController--------------------------------

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Mvc.Ajax;

namespace testapp.Controllers
{
    [ValidateInput(false)]
    public class MyTestController : Controller
    {

        public ActionResult Index()
        {
            return View();
        }

    }
}

MyTest(Index)-------------------------------------------------------

<%@ Page Language="C#" Inherits="System.Web.Mvc.ViewPage" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Index</title>
</head>
<body>
 <% using (Html.BeginForm()) { %>
 <%= Html.TextBox("test")%>
 <button type="submit"  >Submit</button>
 <%} %>
</body>
</html>
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top