-1

I'm using Rich Editor

It shows me this error

Return Null t.FullText = HttpContext.Request["Editor1"];

Pic

View : 

<div class="name">
    <label id="lbl-full-text">FullText : </label>
  @* @Html.TextAreaFor(model => model.FullText)*@
    <div name="FullText" style="margin-right: 109px;    margin-top: -34px;">
        @Html.Raw(ViewBag.Editor)
    </div>
</div>

Controller :

[HttpPost, ValidateInput(false)]
public ActionResult CreateNews(Tbl_News t, HttpPostedFileBase pic, int Category = 0)
{
    string content = Request.Unvalidated["Editor1"];
    .
    .
    .
    t.FullText = HttpContext.Request["Editor1"];

}

MetaData :

[AllowHtml]
public string FullText { get; set; }

How can I resolve this ?

ekad
  • 14,436
  • 26
  • 44
  • 46
Mr Coder
  • 13
  • 1
  • 9
  • 3
    Possible duplicate of [A potentially dangerous Request.Form value was detected from the client](http://stackoverflow.com/questions/81991/a-potentially-dangerous-request-form-value-was-detected-from-the-client) – Jonesopolis Aug 25 '16 at 12:51
  • Possible duplicate of [Allow User to input HTML in ASP.NET MVC - ValidateInput or AllowHtml](http://stackoverflow.com/questions/3621272/allow-user-to-input-html-in-asp-net-mvc-validateinput-or-allowhtml) – Ricardo Pontual Aug 25 '16 at 12:52
  • No . i do this step , but its not work – Mr Coder Aug 25 '16 at 12:53

3 Answers3

1

use System.Web.HttpContext.Current.Request.Unvalidated.Form["Editor1"] disabling the input validation for the whole page or all pages is a bad idea!

Peter
  • 37,042
  • 39
  • 142
  • 198
0

There are a few ways to handle this. Not all in my opinion are the best approach.

Here is probably the worst

Shotgun approach

<httpRuntime requestValidationMode="2.0"/>

Slightly better in that you turn it off on a particular page

<configuration>
        <system.web>
            <pages validateRequest="false" />
        </system.web>
</configuration>

Here you can turn it off for a particular section of your site

<configuration>
...
<location path="MyFolder/.aspx">
<system.web>
<pages validateRequest="false" />
<httpRuntime requestValidationMode="2.0" />
</system.web>
</location>
...
</configuration>

Another approach if you are using mvc is to add the validate input attribute to your action:

[ValidateInput(false)]

It's been a while since I've had to do these in any of the sites I've created but I think they still work.

Ron
  • 57
  • 4
0

I Finally made this work by intercepting the edited value in jQuery before AJAX posting and escape the value like:

$("#Textareaeditor").val(escape(-get value from editor-);

Then, serverside you just do:

model.property = URI.unEscapeDataString(model.property).

This works for md when nothing else did and I did not want to set requestValidationMode=2.0.

kayess
  • 3,384
  • 9
  • 28
  • 45
Hans
  • 66
  • 4