I am creating a small CMS, I have a page with an HTML editor. the user enters text, submit, this of course populates a sqlServer database.
When I submit the form, I get the following error:
a potentially dangerous Request.Form value was detected from the client (ctl00$ContentPlaceHolder1$elm2="<p>Test</p>").
I tried different things:
- I added ValidateRequest="false" on the top of the page
- In the code behind which deals with the Insert to DB, my Insert parameter is as follow:
commI.Parameters["@body"].Value = HttpUtility.HtmlEncode(elm2.Text);
None of the above have fixed it
Yes it is due to .net framework 4.0....
solution is put below tag under <system.web>.......
<httpRuntime requestValidationMode="2.0" ></httpRuntime>
add validateRequest="false" in your page directive and check it
If you just want to fix the error you can add the following to your .config file which will allow the ValidateRequest="false" directive to take effect with .net v4
I am pretty sure thats all that needs to be done
enableEventValidation="false" viewStateEncryptionMode="Never" enableViewStateMac="false"
in the Page directive
On page directive set ValidateRequest="false" and your error will be solved......
You can try ClientScript.RegisterForEventValidation function & keep EventValidation ON.
If this doesn't help, please post your code.
Thanks for that, that nailed it.