IE only - A potentially dangerous Request.Form value was detected from the client (MVC-Razor)

问题

I'm doing a simple replace statement on a file with input from 2 textboxes and 2 drop down lists.

Platform is MVC 3, on a Razor page.

Problem is that the error is only thrown on IE, and only when published out on the server. Running the site from localhost on IE throws no errors.

I'm really curious as to why this is just an IE problem (It works fine in Chrome and Firefox)

Here's the code from the page:

<div class="form">
            @using (Html.BeginForm("AddZipCode", "DatabaseHelper"))
            {
               <!-- <div class="input">
                    @Html.LabelFor(m => m.Environment):
                    @Html.DropDownListFor(m => m.Environment, CustomHtmlHelper.GetEnvironmentSelectList(Environment, Model.Environment), "---")
                </div>-->
                <div class="input">
                    @Html.LabelFor(m => m.Zip):
                    @Html.EditorFor(m => m.Zip)
                </div>
                <div class="input">
                    @Html.LabelFor(m => m.County):
                    @Html.EditorFor(m => m.County)
                </div>
                <div class="input">
                    @Html.LabelFor(m => m.Zone):
                    @Html.DropDownListFor(m => m.Zone, CustomHtmlHelper.GetZoneSelectList(), "---")
                </div>
                <div class="input">
                    @Html.LabelFor(m => m.Market):
                    @Html.DropDownListFor(m => m.Market, CustomHtmlHelper.GetMarketSelectList(), "---")
                </div>
                <div class="buttons">
                    <!--<button type="submit" value="Submit" class="button refresh" name="Submit">
                        Submit</button>-->
                    <button type="submit" value="GetAddScript" class="button refresh" name="GetAddScript">
                        Get Add Script
                    </button>
                    <button type="submit" value="GetRollbackScript" class="button refresh" name="GetRollbackScript">
                        Get Rollback Script
                    </button>
                </div>
            }
        </div>

UPDATE: Thanks for the Fiddler tip @Danny Tuppeny. Here's the post from both IE and Chrome:

POST from Chrome:

Zip=77054&County=&Zone=Electric+Zone+for+CENTERPOINT&Market=CENTERPOINT&GetAddScript=GetAddScript

POST from IE:

Zip=77054&County=&Zone=&Market=&GetAddScript=<SPAN class="ui-button-icon-primary ui-icon ui-icon-refresh"></SPAN><SPAN class=ui-button-text>Get Add Script</SPAN>

@Charlino, that other post has the fix. Thanks both.

回答1:

Using Fiddler you should be able to check the contents of the form being posted to the server in both browsers, and compare them.

It sounds like IE might be sending HTML back that isn't encoded, but it's hard to tell why without seeing the request (or indeed, the HTML generated from the View you posted).

来源：https://stackoverflow.com/questions/7774161/ie-only-a-potentially-dangerous-request-form-value-was-detected-from-the-clien