Disable ValidateRequest for a specific page

Question

Friends I am in trouble and need your help.

For database management in the admin section of my website I have few text fields where I would like to input data along with HTML tags. As soon as i add any HTML tag such as < BR /> the SQLDATASOURCE Update gives an error "A potentially dangerous Request.Form value was detected from the client"

Already tried ValidateRequest="false" but it didnt work Can not use AJAX Editor due to space issue.

<httpRuntime requestValidationMode="2.0" />

If i use httpRuntime requestValidationMode then it disable validation on the whole website making it open for hackers.

Friends how can i disable ValidateRequest only for specific page(s) in the admin section only

score 4 · Accepted Answer · answered Mar 14 '12 at 08:25

In .Net Framework 4.0, if you set requestValidationMode="2.0" in web.config, it doesn't means the whole site be will disabled for validation. It just changed back to 2.0 validation mode which validate only for .aspx pages. So you can apply validateRequest page driective attribute to false for the pages you want to disable after setting to 2.0 mode.

MSDN: requestValidationMode=2.0. Request validation is enabled only for pages, not for all HTTP requests. In addition, the request validation settings of the pages element (if any) in the configuration file or of the @ Page directive in an individual page are used to determine which page requests to validate.

score 2 · Answer 2 · answered Mar 14 '12 at 07:52

2

You can set an attribute on your controller methods or controller to disable the validationRequest

[ConfigurationPropertyAttribute("validateRequest", DefaultValue= false)]

answered Mar 14 '12 at 07:52

QQping

1,370
1
13
26

can you explain a bit more please how to do so – Ali Khan Mar 14 '12 at 20:42
I think I described the usage a little bit off... (sometimes my english hits the bottom) so what I wanted to say is you can set the validateRequest for specified properties like this: `[ConfigurationPropertyAttribute("validateRequest", DefaultValue = false)] public string WantedValue { get; set; }` – QQping Mar 15 '12 at 13:56

score 0 · Answer 3 · answered Mar 14 '12 at 08:16

0

You are missing the ValidateRequest="false" in your page directive

answered Mar 14 '12 at 08:16

Pankaj

9,749
32
139
283

i already have ValidateRequest="false" there here is the code <%@ Page Title="" Language="C#" MasterPageFile="~/Admin/Master/MasterAdmin.master" AutoEventWireup="true" CodeFile="PhoneDataAdd.aspx.cs" Inherits="Admin_PhoneDataAdd" ValidateRequest="false" %> – Ali Khan Mar 14 '12 at 20:42

Disable ValidateRequest for a specific page

3 Answers3