Geek asks and answers

How can I ignore the HttpRequestValidationException and the encoded HTML itself during model binding?

I am trying to understand how I can ignore the HttpRequestValidationException thrown during model binding.

In this deal, I know how to process HTML messages and bind to a property that expects HTML (using the AllowHtml attribute), but when the user sends HTML code to a field that should not allow HTML, I want to automatically encode this value during model bindings.

I created a custom mediator to catch the HttpRequestValidationException exception, but whenever I try to get the value from Request.Form, you get the same exception.

Is there an automatic way to do this in MVC3?

Do I need to add AllowHtml to all the properties of the model, and then encode it myself in action?

Can I access the HTML message that will be sent to me during the binding to the model without throwing an HttpRequestValidationException every time I request it from Request.Form?

Thanks for any help you can provide.

Edit I do not want to disable the check for all actions. This is a little radical if I want to make sure that the exception is not thrown when someone enters html in a form that they should not have.

+3
source share
3 answers

. . , . , querystring unvalidated.

System.Web.Helpers.UnvalidatedRequestValues unvalidatedRequest = System.Web.Helpers.Validation.Unvalidated(Context.Request)
System.Collections.Specialized.NameValueCollection form = unvalidatedRequest.form

requestValidationMode . .

+3

Fan711 .

public object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext) 
{ 
    //... code here 
    controllerContext.HttpContext.Request.Unvalidated.Form.GetValues(key); 
    //... code here 
}
+2

Sort of:

[HttpPost, ValidateInput(false)]
public ActionResult Edit(FormCollection collection)
{
    // ...
}

See this for more: A potentially dangerous Request.Form value was detected from the client

0
source

More articles:


All Articles