Request Validation - ASP.NET MVC 2

Asked 30/10, 2009 at 6:57 Answered 30/10, 2009 at 11:7

Solved asp.net-mvc asp.net-4.0 request-validation

Has request validation changed for ASP.NET MVC 2, more precisely, not validating?

I did the following:

Web.configs (in App directory and Views directory)

<pages
    validateRequest="false"

Controller/Action Attribute

[ValidateInput(false)]

In @Page View Directive

ValidateRequest="false"

The page still gets validated an exception is thrown when HTML content is posted.

UPDATE

Created a new ASP.NET MVC 2 Application and I modified the Home Controller's Index to this

    [ValidateInput(false)]
    public ActionResult Index(string InputText)
    {
        ViewData["Message"] = "Welcome to ASP.NET MVC!";

        return View();
    }

and my View Page

<% using(Html.BeginForm()){ %>
    <%= Html.TextBox("InputText") %>
    <input type="submit" />
<% } %>

And still the same issue, an exception is thrown.

Toogood answered 30/10, 2009 at 6:57 Comment(0)

I should read the error more carefully next time:

To allow pages to override application request validation settings, set requestValidationMode="2.0" in the configuration section. After setting this value, you can then disable request validation by setting validateRequest="false"

I put this in the application's web.config

<system.web>
  <httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="" />
</system.web>

and it worked.

Update:

I was running ASP.NET 4 thats why :P

Toogood answered 30/10, 2009 at 11:7 Comment(6)

Inside the <system.web> begin/end tags – Toogood 18/3, 2010 at 12:4

this did not work for me, I had to use the attributes for MVC2 RTM – Darice 16/6, 2010 at 12:48

@Alexandre Brisebois, odd are you using .NET 4? – Toogood 17/6, 2010 at 0:0

yes, but thinking of it, it's on a project that was upgraded by VS 2010 – Darice 17/6, 2010 at 0:9

I misunderstood your first comment. You have to use attributes AND this setting in your Web.config file for it to work in .NET 4 – Toogood 17/6, 2010 at 3:44

If you're using MVC4, you need to add this to the web.config in the Views directory, it didn't work for me when placed into the root web.config HTH :o) – Acker 8/3, 2012 at 10:31

^{Insert obligatory warning about XSS here.}

That you decorated the controller (or action) with the ValidateInputAttribute should be enough, as all validation is done at this controller level in ASP.NET MVC

I have just tried this now on an action, and it returns a nice, evil alert() when I output it, so I'd venture a guess that there's something else going on here.

Do you have an HandleErrorAttribute set up anywhere?

Vilify answered 30/10, 2009 at 9:3 Comment(2)

I implemented a custom viewpage you can see at #1480873 , looking to see if anything is causing it to validate with ASP.NET MVC 2 – Toogood 30/10, 2009 at 10:37

No HandleError attribute too. – Toogood 30/10, 2009 at 10:50

Recommended topics

Hot tags