Tuesday, 10 April 2012

How to handle “A potentially dangerous Request.Form value was detected from the client…” in MVC


There are different ways to handle this error. Depending on your requirements, you can choose how to solve it.

1- Handle it for a specific property

Add [AllowHtml] to the model property, like the following:

using System.Web.Mvc;

public class InvitationViewModel
{
    // Skips request validation for this property only
    [AllowHtml]
    public string Message { get; set; }
}

2- Handle it on Action Method

Add [ValidateInput(false)] to the action, like the following:

// Skips request validation for every value posted to this action
[HttpPost, ValidateInput(false)]
public ActionResult Create(ObjectId id, string comment)
{
    // do something
    return View();
}
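
Options 1 and 2 switch request validation off for that property or action, so markup in the posted value reaches the application unfiltered and has to be neutralised before it is rendered. The following is an added example, not code from the original post: a hypothetical CommentSanitizer helper (the class name, the tag allowlist and the sample inputs are assumptions) that HTML-encodes the whole value and then restores only a few attribute-free formatting tags.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

// Hypothetical helper (not part of ASP.NET MVC) for values bound with
// [AllowHtml] or [ValidateInput(false)].
public static class CommentSanitizer
{
    // Assumed allowlist: formatting tags only, and only without attributes.
    private static readonly string[] AllowedTags = { "b", "i", "em", "strong", "p", "br" };

    // Matches the *encoded* form of <tag>, </tag> or <tag /> for an allowed name.
    // Any attribute (onclick=, style=, href=) breaks the match, so the tag stays encoded.
    private static readonly Regex EncodedAllowedTag = new Regex(
        @"&lt;(/?)(" + string.Join("|", AllowedTags) + @")(?:\s*/)?&gt;",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    public static string Sanitize(string raw)
    {
        if (string.IsNullOrEmpty(raw)) return string.Empty;

        // Step 1: encode everything, so <, >, & and quotes become entities.
        string encoded = WebUtility.HtmlEncode(raw);

        // Step 2: turn back only exact matches of allowed tags, normalised to lower case.
        return EncodedAllowedTag.Replace(encoded,
            m => "<" + m.Groups[1].Value + m.Groups[2].Value.ToLowerInvariant() + ">");
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample inputs, not taken from the original post.
        string[] samples =
        {
            "Hello <b>team</b>,<br/>see you at 5 & bring snacks",
            "<script>x()</script>",
            "<B onmouseover=\"x()\">hover</B>",
            "literal &lt;b&gt; stays literal"
        };
        foreach (string s in samples)
            Console.WriteLine(CommentSanitizer.Sanitize(s));
    }
}
```

In a Razor view the sanitized string would be written with Html.Raw, because a plain @Model.Message encodes the value again.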



3- Handle it Globally in Global.asax.cs

protected void Application_Error()
{
    Exception lastError = Server.GetLastError();
    if (lastError is HttpRequestValidationException)
    {
        // redirect to a static page and show a proper error message
    }
}

4- Add a Regex and show a proper error message when the user enters XML characters ‘<>’ in a textbox

Add [RegularExpression] to the model property, like the following:

// The whole value must match the pattern, so this accepts any text without '<' or '>'
[RegularExpression(@"[^<>]*", ErrorMessage = "you are not allowed to enter HTML tags")]
public string Subject { get; set; }



5- Change the input box and use a different control