Search code examples
asp.net-mvcvalidationdata-annotationsxval

ASP.NET MVC ValidateInput(false) stops working with xVal and [RegularExpression] DataAnnotation


I would like to intercept the "<" character in the form field by a regex validator. I will describe the problem in 3 steps:

Step 1: When I try to submit a form with a field containing the "<" character, I get the "Potentially dangerous request..." - as expected in ASP.NET.

Step 2: To avoid ASP.NET's RequestValidation, I decorate my Update method in the controller with "[ValidateInput(false)]".

It works as expected - now I can post "<" character without error.

Step 3: I use xVal with DataAnnotations. For example, [Required] or [StringLength(255)] works as expected.

BUT when I use: [RegularExpression("^[^<>]*$", ErrorMessage = "Special characters are not allowed.")], I get the "Potentially dangeros request..." error again, despite the [ValidateInput(false)] directive.

What's happening? Is there a simpler way for regex validaton, but with [ValidateInput(false)] in place? Of course, I'd like to have my validation code in the model, not in the controller.


Solution

  • No, it was an issue in MVC 1 + xVal. In MVC 2 the validation works as supposed (and there's no need for xVal anymore) – Alex42

    Looks like the bot keeps on pushing this one to the top still. Could you mark an answer as accepted so that it knows?