0

I have a site hosted on an Amazon Linux AMI box running mono through lighttpd. In the admin section of my site, I have a form that lets me create blog entries. Since I want to be able to store HTML, I set up my save controller action as follows:

[Authorize(Roles = "Admin")]
[HttpPost, ValidateInput(false)]
public ActionResult CreateBlog(Blog model) {
    if (ModelState.IsValid) {
        ContextFactory.BlogManager.Save(model);
        return RedirectToAction("Blogs");
    }
    return View(model);
}

Everything works fine locally, but when I deploy the code to our amazon instances, I get the following exception:

A potentially dangerous Request.Form value was detected from the client (Body=\"asd<br>asdas\").
System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (Body=\"asd<br>asdas\").
  at System.Web.HttpRequest.ThrowValidationException (System.String name, System.String key, System.String value) [0x00000] in <filename unknown>:0
  at System.Web.HttpRequest.ValidateString (System.String key, System.String value, RequestValidationSource source) [0x00000] in <filename unknown>:0
  at Microsoft.Web.Infrastructure.DynamicValidationHelper.LazyWebROCollection.Validate (System.String key, System.String value) [0x00000] in <filename unknown>:0
  at Microsoft.Web.Infrastructure.DynamicValidationHelper.LazyWebROCollection.Get (System.String name) [0x00000] in <filename unknown>:0
  at System.Collections.Specialized.NameValueCollection.get_Item (System.String name) [0x00000] in <filename unknown>:0
  at ...

Any ideas?

ataddeini
Ryan Caskey

2 Answers

2

I was actually able to fix it by adding <httpRuntime requestValidationMode="2.0"/> to my web.config

Ryan Caskey
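
The answer above sets `requestValidationMode="2.0"` for the whole application. As an added example (not from the original post), the same setting can be scoped with a `<location>` element so that only the admin blog endpoint changes mode; the path `Admin/CreateBlog` is an assumed route, and whether the Mono/lighttpd deployment honours a location-scoped `httpRuntime` is an assumption to verify there.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example: web.config fragment. "Admin/CreateBlog" is an assumed
     route path for the CreateBlog action, not a value taken from the post. -->
<configuration>

  <system.web>
    <!-- Application-wide setting: keep the ASP.NET 4 validation mode, so
         every other form and query string is still checked for markup. -->
    <httpRuntime requestValidationMode="4.0" />
  </system.web>

  <!-- Only requests under this path use the 2.0 behaviour, which is the
       mode the answer relied on for [ValidateInput(false)] to take effect. -->
  <location path="Admin/CreateBlog">
    <system.web>
      <httpRuntime requestValidationMode="2.0" />
    </system.web>
  </location>

</configuration>
```

With validation off for this action, the saved `Body` reaches the views unfiltered, so it has to be sanitised against an allow-list or encoded at the point where it is rendered.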
0

It sounds like the data that's getting posted back contains a <. This is disallowed to prevent possible script injection attacks. Here's a previous question on the topic that should be able to help you out.

Community
ataddeini
  • Yes, but as mentioned in my post, I specifically wanted to post HTML, and that's why I added the ValidateInput(false) to my controller. I was actually able to fix it by adding <httpRuntime requestValidationMode="2.0"/> to my web.config. I'll mark this as answered when the system lets me, looks like there's an 8 hour cap. – Ryan Caskey May 12 '11 at 05:11
  • @rsparkyc: Ah right, sorry I missed that. Glad you were able to resolve it. – ataddeini May 12 '11 at 12:14