A potentially dangerous Request.Form value was detected from the client in .Net 4

Question

So, this whitepaper describes one of the breaking changes in .Net 4 to be the error message "A potentially dangerous Request.Form value was detected from the client in", and the fix to enter into the Web.config file

I have 2 problems with this. Does this mean that any website where I want a wysiswyg editor like tinymce, or ckeditor, the requestValidationMode has to be 2.0? What benefits do you lose out on in this case? (if I lose no benefits to setting requestValidationMode to 2.0, why not set it by default so it doesn't break anything?)

In 2.0/3.5 I was able to set ValidateRequest on a page by page basis - this is of course still possible in .Net 4.0 , but in order to set it on a page level, I have to make a site wide change? Does this not seem entirely backward?

Have I got this right/is this as rubbish as it sounds, or have I missed something?

possible duplicate of [A potentially dangerous Request.Form value was detected from the client](http://stackoverflow.com/questions/81991/a-potentially-dangerous-request-form-value-was-detected-from-the-client) — Barmar, Jan 08 '13 at 17:11

score 0 · Accepted Answer · edited May 23 '17 at 10:32

0

seems to be already discussed in A potentially dangerous Request.Form value was detected from the client

edited May 23 '17 at 10:32

Community

1
1

answered Jul 12 '10 at 10:32

santa

983
9
30

Hm, sort of. It doesn't really address it being a .Net 4 problem, it really only looks at the general, how to cope with it issue. I want to know if there's something specific we should be doing in .Net 4, and if you lose anything by setting requestValidationMode to 2.0 – Paul Jul 12 '10 at 10:39

A potentially dangerous Request.Form value was detected from the client in .Net 4

1 Answers1