Allow user to POST html string to a httpHandler

Question

I am writing a content management system using JQuery.ajax & C#. The JQuery calls an httpHandler and POSTS the html from an html editor JQuery plugin.

I get an error in the handler about unsafe content (html basically) but I dont want turn off validation for the whole page, just the handler (the handler is part of a web control not the page).

So, is it possible to turn the validation off just for one handler? Or do I need to encode the html on the client?

In the end I went for the encoding on the client at HTML-encoding lost when attribute read from input field

But I would still be interested in opinions on this approach

score 2 · Accepted Answer · answered Feb 12 '11 at 12:43

I think this is a new feature/problem in ASP.NET 4.0. Before that they only did request validation with actual aspx pages, not handlers.

So, you can change the following setting in your web.config to make it act like 2.0, and then your pages will still validate but the handlers (any of them) will no longer use request validation.

<httpRuntime requestValidationMode="2.0" />

Here's the page with info about this change in 4.0.

score 1 · Answer 2 · answered Feb 11 '11 at 22:02

1

You could try disabling request validation for this particular handler in web.config:

<httpHandlers>
    <add path="foo.ashx" type="Foo.MyHandler" verb="*" validate="false" />
</httpHandlers>

answered Feb 11 '11 at 22:02

Darin Dimitrov

1,023,142
271
3,287
2,928

I tried this approach and it dosent make any difference. I read somewhere that this setting isnt related to post validation – Rich Andrews Feb 11 '11 at 22:08
http://msdn.microsoft.com/en-us/library/system.web.configuration.httphandleraction.validate.aspx – Rich Andrews Feb 12 '11 at 10:22

Allow user to POST html string to a httpHandler

2 Answers2