禁用特定页面的ValidateRequest

Question

Friends I am in trouble and need your help.

For database management in the admin section of my website I have few text fields where I would like to input data along with HTML tags. As soon as i add any HTML tag such as < BR /> the SQLDATASOURCE Update gives an error "A potentially dangerous Request.Form value was detected from the client"

Already tried ValidateRequest="false" but it didnt work Can not use AJAX Editor due to space issue.

<httpRuntime requestValidationMode="2.0" />

If i use httpRuntime requestValidationMode then it disable validation on the whole website making it open for hackers.

Friends how can i disable ValidateRequest only for specific page(s) in the admin section only

Answer 1

In .Net Framework 4.0, if you set requestValidationMode="2.0" in web.config, it doesn't means the whole site be will disabled for validation. It just changed back to 2.0 validation mode which validate only for .aspx pages. So you can apply validateRequest page driective attribute to false for the pages you want to disable after setting to 2.0 mode.

MSDN : requestValidationMode=2.0. Request validation is enabled only for pages, not for all HTTP requests. In addition, the request validation settings of the pages element (if any) in the configuration file or of the @ Page directive in an individual page are used to determine which page requests to validate .

Answer 2

您可以在控制器方法或控制器上设置属性以禁用validationRequest

[ConfigurationPropertyAttribute("validateRequest", DefaultValue= false)]

Answer 3

您在页面指令中缺少ValidateRequest="false"