Request validation in ASP.NET 4.5 RC in Umbraco

Question

I have a textbox in my ASP.NET 4.5 RC WebForms app which needs to accept potentially HTML.

I have researched this and have done the following to allow this to happen: In web.config I have set requestValidationMode and validateRequest appropriately.

<httpRuntime requestValidationMode="2.0" enableVersionHeader="false"/> 
<pages enableEventValidation="false" validateRequest="false">

On the control itself I have added the attribute ValidateRequestMode="Disabled"

<asp:TextBox ID="txtBio" runat="server" TextMode="MultiLine" Height="100" Width="300" ValidateRequestMode="Disabled" />

However, still I get the error:

A potentially dangerous Request.Form value was detected from the client

Does anyone have any other ideas for what else I could try? I'm thinking it's a bug in the ASP.NET 4.5 RC web stack, but I'm probably wrong. It feels that way though as I'm literally out of ideas. Seems like I have flicked every switch now.

Plus, I would prefer to leave requestValidation on for everywhere except this item, however, if I can just turn it off at all, it would be a good start.

Many thanks

Answer 1

Try adding validateRequest="false" in the properties at the top of the page like this:

%@ Page Language="C#" AutoEventWireup="true" CodeBehind="page.aspx.cs" validateRequest="false" Inherits="Project.UI.page" %>

But be careful to check html for any malicious scripts that users may add when validation is off.

UPDATE: Try adding this to your user control codebehind.

protected void Page_Init(object sender, EventArgs e)
{
    try
    {
        ((umbraco.UmbracoDefault)this.Page).ValidateRequest = false;
    }
    catch { }
}