Question

I've got a text area that contains HTML. I expect the content to be escaped when posted to the controller method but I'm finding it is escaped twice. What could possibly cause this? See the example below:

Pulled from request:

    &amp;lt;b&amp;gt;test&amp;lt;/b&amp;gt;

WebUtility.HtmlDecode 1st time:

    &lt;b&gt;test&lt;/b&gt;

WebUtility.HtmlDecode 2nd time:

    <b>test</b>

I'm no expert when it comes to web development but I've got about 2 years of experience. This is the first time I've seen anything like this. I've attempted adding the following sections to my Web.config with no luck:

    <pages validateRequest="false" />
    <httpRuntime requestValidationMode="2.0" />

    <security>
      <requestFiltering allowDoubleEscaping="false" />
    </security>

Please let me know if I can provide more information.


Solution

It turns out the problem lay in the textarea itself. In the view it was just a standard textarea, but in JavaScript's document.ready it was then made into a kendoEditor. The kendoEditor was encoding the HTML first, then ASP.NET was applying its standard encoding as well. Setting the attribute encoded equal to false fixed the issue:

    $("#editor").kendoEditor({
        encoded: false
    });

Update: I found later that setting the encoded attribute to false would introduce another problem. On submit I received a "A potentially dangerous Request.Form value was detected from the client" error when using formatting tools from the built-in KendoEditor toolbar. My solution was to double-decode the posted request:

    WebUtility.HtmlDecode(WebUtility.HtmlDecode(Request["value"]));
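
The following is an added example, not part of the original post or of any Kendo or ASP.NET code. It shows why the double decode above should stay a fixed number of layers rather than a "decode until nothing changes" loop. The `EditorInput` class, its method names and the sample string are hypothetical; the two-layer count is taken from the post.

```csharp
using System;
using System.Net;

// Added example: hypothetical helper, names are not from the original post.
public static class EditorInput
{
    // Assumption from the post: the editor encodes once and one more
    // encoding layer is present by the time the controller reads the value.
    public const int ExpectedLayers = 2;

    // Remove exactly the known number of encoding layers.
    public static string DecodeLayers(string posted, int layers = ExpectedLayers)
    {
        if (posted == null) throw new ArgumentNullException(nameof(posted));
        string value = posted;
        for (int i = 0; i < layers; i++)
            value = WebUtility.HtmlDecode(value);
        // Still untrusted HTML: sanitize against an allow-list before
        // storing it or rendering it unencoded.
        return value;
    }

    // Shown only for comparison: keeps decoding until the text stops changing.
    // Text the user typed as literal "<script>" is stored by the editor as
    // &lt;script&gt;; this loop strips that escaping too and turns it into markup.
    public static string DecodeUntilStable(string posted, int maxRounds = 10)
    {
        string value = posted ?? throw new ArgumentNullException(nameof(posted));
        for (int i = 0; i < maxRounds; i++)
        {
            string next = WebUtility.HtmlDecode(value);
            if (next == value) break;
            value = next;
        }
        return value;
    }

    public static void Main()
    {
        // Constructed sample: bold markup plus literal text the user typed.
        string editorHtml = "<b>test</b> &lt;script&gt;";
        string posted = WebUtility.HtmlEncode(WebUtility.HtmlEncode(editorHtml));

        Console.WriteLine("posted:       " + posted);
        Console.WriteLine("fixed layers: " + DecodeLayers(posted));
        Console.WriteLine("until stable: " + DecodeUntilStable(posted));
        // Fixed-layer decoding returns editorHtml unchanged; the loop does not.
        Console.WriteLine(DecodeLayers(posted) == editorHtml);
    }
}
```
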
Licensed under: CC-BY-SA with attribution