
I can't turn off Request Validation for an ASP.NET MVC Controller

I am trying to turn off Request Validation for all action methods in a controller by doing this:

[ValidateInput(false)]
public class MyController : Controller
{
    ...

The reference I am using says this is possible and tells me to do it this way, but for some reason it's not working.

If I submit any HTML (even a simple <b> tag) through a text box, I get the error:

A potentially dangerous Request.Form value was detected from the client (text=<b>").

It's also not working by attaching the attribute to an individual method.

How can I disable Request Validation for a controller?

EDIT

I am working in the VS2008 built-in test server.

I tested it on my machine, on both the class definition and the action method, and it worked for me in both cases. Are you sure your view lines up with your method/controller? Are you putting the attribute on the GET method or the POST method?

[AcceptVerbs(HttpVerbs.Post)]
[ValidateInput(false)]   
public ActionResult MyAction (int id, string content) {   
    // ...   
}

To make it work, you need to modify web.config as well:

<system.web>
    <httpRuntime requestValidationMode="2.0"/>
    ...
</system.web>

Pro ASP.NET MVC Framework (p466) says the following is supposed to work:

public class MyController : Controller 
{
     public MyController() {
        ValidateRequest = false;
     }
}

Can you post your controller file and your view file?

This works:

MytestController--------------------------------

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Mvc.Ajax;

namespace testapp.Controllers
{
    [ValidateInput(false)]
    public class MyTestController : Controller
    {

        public ActionResult Index()
        {
            return View();
        }

    }
}

MyTest(Index)-------------------------------------------------------

<%@ Page Language="C#" Inherits="System.Web.Mvc.ViewPage" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Index</title>
</head>
<body>
 <% using (Html.BeginForm()) { %>
 <%= Html.TextBox("test")%>
 <button type="submit"  >Submit</button>
 <%} %>
</body>
</html>
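
An added example, not part of the original thread: the opt-out scoped to the single POST action that needs it, with the submitted value HTML-encoded before it is written to the response. `CommentController`, `Preview` and the `body` field are hypothetical names.

```csharp
// Added example, not code from the thread. CommentController, Preview and
// the "body" form field are hypothetical names.
using System.Web;
using System.Web.Mvc;

namespace testapp.Controllers
{
    public class CommentController : Controller
    {
        // GET: renders the form. Request validation stays enabled here.
        [AcceptVerbs(HttpVerbs.Get)]
        public ActionResult Preview()
        {
            return View();
        }

        // POST: the only action that opts out of request validation.
        // As one answer above notes, web.config may also need
        // <httpRuntime requestValidationMode="2.0"/> for this to take effect.
        [AcceptVerbs(HttpVerbs.Post)]
        [ValidateInput(false)]
        public ActionResult Preview(string body)
        {
            // With validation off, "body" can carry arbitrary markup.
            // Encode it before it reaches the response so that "<b>" is
            // shown as text instead of being interpreted by the browser.
            string safe = HttpUtility.HtmlEncode(body ?? string.Empty);
            return Content("<p>You wrote: " + safe + "</p>", "text/html");
        }
    }
}
```

Every other action on the controller keeps the framework's request validation, so the unencoded input path is limited to the one place that encodes it.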
