0

I trying to assign a string of the following type to a string variable in C#. I have looked at [ValidateInput(false)] attribute but it disables validation for all the variables for the method it is used on. I just want it for one variable in the method.

<A HREF="http://www.google.com">

But I'm getting the following exception when running this code.

A potentially dangerous Request.QueryString value was detected from the client (mystr="<A HREF="http://www...").

I'm assigning like

mystr = Request.QueryString["content"]

Kindly help we how to fix this. I have tried writing [AllowHtml] tag above the variable declaration. My string variable is a part of the model which is defined in Models.

EDIT:
Thanks to CodeCaster, I accept this as my answer.

Community
  • 1
  • 1
Adze
  • 155
  • 1
  • 1
  • 12
  • Casing and (lack of) spaces are important. You did write `[AllowHtml]`, didn't you? – Hans Kesting Sep 29 '14 at 10:57
  • Yes, thanks for confirming though, i'll correct it in the question. – Adze Sep 29 '14 at 10:58
  • While improperly titled and worded, that [question I linked](http://stackoverflow.com/questions/2673850/validaterequest-false-doesnt-work-in-asp-net-4) is _the_ canonical question for the question _"How can I get unvalidated variables in ASP.NET"_. It doesn't matter it isn't exactly the same question, your answer is in there. – CodeCaster Sep 29 '14 at 11:12
  • Anyone searching for the same solution might not find the answer in that question. I request you to kindly unmark my question as duplicate. – Adze Sep 29 '14 at 11:16
  • Duplicates serve that exact purpose. An alternative question with the same problem and answers is [A potentially dangerous Request.Form value was detected from the client](http://stackoverflow.com/questions/81991/a-potentially-dangerous-request-form-value-was-detected-from-the-client). – CodeCaster Sep 29 '14 at 11:45

0 Answers0