.Net Framework 4.5.2, Visual Studio 2015, IIS Express
I want to send requests like http://localhost:49974/xxx/xml/<a><b></b></a> to my application. This results in a server error and the message: A potentially dangerous Request.Path value was detected from the client (="/xxx/xml/<a><b></b></a>").
Following the instructions from MSDN I have set requestValidationMode="2.0":
<system.web>
<httpRuntime requestValidationMode="2.0" targetFramework="4.5.2" />
</system.web>
And and added [ValidateInput(false)] to cotrtoller's action:
[ValidateInput(false)]
public ActionResult Xml()
{
return View("../Home/Index");
}
However I still get exactly the same error on the request presented above.
If you are able to convert the acionmethod to use a model for receiving the data, you can specify the [AllowHtml] Attribute on the modelproperty.
This also ensures that the validation is only skipped for this specific property.
ActionMethod:
public ActionResult Xml(XmlModel vm)
{
return View("../Home/Index");
}
Model
public class XmlModel
{
[AllowHtml]
public string xml { get; set; }
}
your url would look like http://localhost:49974/xxx/xml/?xml={your xml string}