While developing an admin-page in MVC I kept getting the old "Potentially dangerous Request..." which occurs when trying to submit form data including html tags.
After adding the "validateRequest=false" to the pages-element in web.config (which turns this feature off in asp.net webforms) and checking that the page directive didn't ovveride this setting I was getting quite annoyed that I still got the exception on my page.
However - in MVC you need to set an attribute on your action in the controller to turn off validation:
[ValidateInput(false)]
public ActionResult Edit(int id, FormCollection collection)
{}
In my opionon I think that the setting is web.config should be read by the MVC actions as well as you otherwise need to define this attribute on all actions that might include html as a string parameter.
Prenumerera på:
Kommentarer till inlägget (Atom)
Inga kommentarer:
Skicka en kommentar