“potentially dangerous Request.Form value …” — mvc 2, .net 4.0

Question

I am trying to set up input validation using regular expressions, but I keep getting this error when I enter "<test>" in a textbox:

A potentially dangerous Request.Form value was detected from the client

I have this in the web.config:

<system.web>
    <httpRuntime requestValidationMode="2.0" />

I also have this in the web.config:

<system.web>
    <pages controlRenderingCompatibilityVersion="3.5" 
              clientIDMode="AutoID" 
               validateRequest="false">
              ...
              </pages>

and I have this in the page directive of the view in question:

ValidateRequest="false"

Nothing seems to help. I have seen this question on this site and usually the posters leave out the httpRuntime tag in the web.config ... but I have included that and I still get the exception. Any ideas?

Answer 1

OK, I found the answer: [ValidateInput(false)] before the controller or action code! (I didn't go far enough in reading previous questions!)