问题
I am getting this error in my ASP.NET MVC application where I am taking HTML input from a WYSIWYG so I don't want the content validated.
I have attempted the solution I found here but it seems to make no difference in my MVC application. I have also tried doing it in the web.config but again - no joy.
Is this a bug in ASP.NET MVC or something?
回答1:
In MVC you would use the ValidateInput(false) attribute.
You then need to sanitize your inputs, e.g. with something like this (built in to ASP.NET 4.5+; use NuGet package for earlier).
回答2:
In MVC 3 and later, you can also use the [AllowHtml] attribute. This attribute allows you to be more granular by skipping validation for only one property on your model.
https://docs.microsoft.com/en-us/dotnet/api/system.web.mvc.allowhtmlattribute?view=aspnet-mvc-5.2
回答3:
Just place this attribute: [ValidateInput(false)] on the action method on the controller that handles the form post.
回答4:
use <httpRuntime requestValidationMode="2.0" /> in web config
回答5:
In your controller action method, (the one which is bringing this) add [ValidateInput(false)]
Example
[HttpPost]
[ValidateInput(false)]
public ActionResult Insert(FormCollection formCollection, Models.Page page)
{
//your code
return View();
}
来源:https://stackoverflow.com/questions/1455528/a-potentially-dangerous-request-form-value-was-detected-from-the-client-asp-ne