I have the following header of ASP.Net MVC page:

<%@ Page Title="" Language="C#" MasterPageFile="~/Views/Shared/Admin.Master" Inherits="System.Web.Mvc.ViewPage<NEOGOV_Ideas.Models.SubIdeaAdminPage>"
ValidateRequest="false" %>

I need to move this page to Razor syntax. How should I set ValidateRequest? Thanks

You shouldn't need that line in the view, instead use the ValidateInput(false) attribute on the controller method.

Make sure you've got this in your web.config if you're using ASP .net 4.0 (which I presume you are if you're using MVC 3)

<httpRuntime requestValidationMode="2.0"/>

Martin

Decorate your action method with ValidateInput attribute

[HttpPost]
[ValidateInput(false)]
public ActionResult index()
{
    return view();
}

You shouldn't need that line in the view, instead use the ValidateInput(false) attribute on the controller method.

Make sure you've got this in your web.config if you're using ASP .net 4.0 (which I presume you are if you're using MVC 3)

<httpRuntime requestValidationMode="2.0"/>

Martin

From MVC 4 we can allow html content only for property of model class, not for the whole request. Just need to mark property by attribute AllowHtml

public class EditorialPixlocateRequestViewModel
{
    [AllowHtml]
    public string Xml { get; set; }
}

If you are using Razor syntax in a CSHTML page without MVC, this was the solution that ultimately worked for me. The link below lead me to this result.

var xml = Request.Unvalidated().Form["Xml"];

https://www.codeproject.com/Questions/5317736/How-to-avoid-potential-dangerous-request-From-valu