Umbraco 6.02 MVC "A potentially dangerous Request.QueryString value was detected from the client"
So I have a searchresult partial view in umbraco which gets it search keyword from a query string. ( the search has no controller ) But whenever I search with eg. "<t>" I get an server error with the warning A potentially dangerous Request.QueryString value was detected from the client. I googled for a while and found the following fixes in the web.config:
However this does not work. My guess is the fixes works for asp.net forms and not for MVC. So I found this on a blog "[ValidateInput(false)]" however I guess this has to be added to an action of a controller, but like I said I don't have a controller. Has anyone any idea how to remove this validation in Umbraco MVC 6.02?
You are right, normally that attribute must be added to the controll method (or even the AllowHtml attribute for a single property on a model class). But in your case try to unvalidate the form request values by accessing them directly over the form collection:
Umbraco 6.02 MVC "A potentially dangerous Request.QueryString value was detected from the client"
So I have a searchresult partial view in umbraco which gets it search keyword from a query string. ( the search has no controller ) But whenever I search with eg. "<t>" I get an server error with the warning A potentially dangerous Request.QueryString value was detected from the client. I googled for a while and found the following fixes in the web.config:
- <httpRuntime requestValidationMode="2.0"/>
- <pages enableEventValidation="false" validateRequest="false">
However this does not work. My guess is the fixes works for asp.net forms and not for MVC. So I found this on a blog "[ValidateInput(false)]" however I guess this has to be added to an action of a controller, but like I said I don't have a controller. Has anyone any idea how to remove this validation in Umbraco MVC 6.02?
Hi Khai,
Did you get the solution to this problem.
You are right, normally that attribute must be added to the controll method (or even the AllowHtml attribute for a single property on a model class). But in your case try to unvalidate the form request values by accessing them directly over the form collection:
Request.Unvalidated().Form["userInput"];
http://msdn.microsoft.com/en-us/library/hh882339(v=vs.100).aspx
is working on a reply...