ASP.NET has built-in request validation in order to prevent security issues such as Cross Site Scripting. If you have a form with an editor such as TinyMCE on it and perform a postback, ASP.NET will present you with an error page:
“A potentially dangerous Request.Form value was detected from the client…”
In order to prevent this error mesage, you can disable Request Validation by disabling it in your web.config file (for all the files in that location) or by adding a Page directive to specific pages:
<%@ Page ValidateRequest="false" ... %>
Today I was working on an ASP.NET MVC application in which I needed to integrate TinyMCE, and was surprised to see that neither the Page directive nor the web.config adjustment solved this problem. Eventually, Google helped me find the solution.
In order to disable request validation in ASP.NET MVC, you need to add a ValidateInput attribute to your controller’s method, as shown in the code fragment below:
public ActionResult Edit(string editor)
ViewData["editor"] = editor;
Works like a charm… However, do note that you may need to implement your own request validation in order to prevent users from using the text editor to execute malicious scripts.
If you found this post helpful, please click below to “Kick” it: