AllowHtml not working

Question

I\'m building a Content Management System to allow people other than me to update stuff on the site.

I have a front-facing HTML form that sends data, via AJAX, to a

Answer 1

I had the same problem. "requestValidationMode="2.0"" was set in web.config, [AllowHtml] was also set on proper property and I still got the error "A potentially dangerous Request.Form value detected...".

But I observed that the controller method actually was called (I was able to debug the method) so this had to meant that validation is in fact turned off. In Call Stack I noticed repeatedly occurring of classes around cache like "System.Web.Caching.OutputCacheModule" and this led me to an idea that this has something to do with cache I had turned off on the whole controller like this "[OutputCache(NoStore = true, Duration = 0)]".

Based on this I tried to also set Location of the cache to OutputCacheLocation.None and this did the trick. So I ended up with [OutputCache(NoStore = true, Duration = 0, Location = OutputCacheLocation.None)] working and finally not validating and not failing my requests.