1

I'm stuck on a catch 22 here. I have an issue where these two attributes are not working together. The [AllowHtml] attribute on my property works if I remove the [CaptchaVerify] attribute from the controller action.

I'm getting the

A potentially dangerous Request.Form value was detected from the client

exception.

How can I get round this?

Here's my property that should allow html:

[AllowHtml]
[Required(ErrorMessage = "Please enter a comment.")]
public string CommentText
{
    get; set;
}

My View looks like this (I've truncated it for this example):

@using CaptchaMvc.HtmlHelpers

@using (Html.BeginForm("Article", "Home", FormMethod.Post))
{
    @Html.TextBoxFor(m => m.CommentText, new { @class = "form-control" })
    @Html.Captcha("Refresh", "Enter the phrase shown above", 4, "Captcha image is required.", false)
    <input type="submit" value="Post" />
}

My Controller looks like this:

[HttpPost]
[CaptchaMvc.Attributes.CaptchaVerify("Captcha is not valid")]
public async Task<ActionResult> Article(ArticleModel model)
{
    // Check the captcha.
    if (ModelState["CaptchaInputText"] != null && ModelState["CaptchaInputText"].Errors.Count > 0)
    {
        ViewBag.CaptchaError = "Please fill in the text above";
    }

    // Rest of my action
}
Liam
  • 27,717
  • 28
  • 128
  • 190
Noobie3001
  • 1,230
  • 18
  • 31

2 Answers2

1

I downloaded the source code, and found a solution.

Unfortunately they need to make a change on their source code https://captchamvc.codeplex.com/workitem/11

You can download the source code and make the change your self following the link above, or wait for then to update the source code.

Lucas Roselli
  • 2,810
  • 1
  • 15
  • 18
0

I'm still doing some research, but for now I found this solution, change the web config:

https://stackoverflow.com/a/17258129/3202657

Doing this change it will disable all forms requests validations, so I strongly don't recommend

I try to add a globalfilter too, but it didn't work:

  public static void RegisterGlobalFilters(GlobalFilterCollection filters)
  {
     filters.Add(new ValidateInputAttribute(false));
  }

This library it's a open source, try downloading and debuging the code

Community
  • 1
  • 1
Lucas Roselli
  • 2,810
  • 1
  • 15
  • 18