I recently used ASP. net mvc 3. When I input HTML code to the server through the TinyMCE HTML editor, I received the following error message:
Exception details: System. Web. HttpRequestValidationException: Potential Request. Form values are detected from the client (test = "<a> adfasdf </a>.
Obviously, this is ASP. NET to prevent cross-site scripting attacks, however, under my circumstances, I do need ASP. NET temporarily closes this check mechanism, because at this time I need to save the original HTML text. I searched the internet and found that many people's solutions were a bit crude, or they directly disabled the HTML cross-site attack detection mechanism of the entire site:
- Add
- In the <pages> section, set validateRequest = "false" to disable request verification.
It is safe to disable the detection mechanism of the entire Page. That is, request verification is disabled by the Page command on the webform Page, or [ValidateInput (false)] is added to the Controller of MVC. attribute. The following razor syntax page allows you to reproduce this problem:
Code <! DOCTYPE html PUBLIC "-// W3C // dtd xhtml 1.0 Strict // EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<Html xmlns = "http://www.w3.org/1999/xhtml">
<Head>
<Title> Sample Page </title>
<Script src = "@ Url. Content ("~ /Scripts/jquery-1.4.2.min.js ")" type = "text/javascript"> </script>
<Script type = "text/javascript" src = "@ Url. Content ("~ /Scripts/tinymce/tiny_mce.js ")"> </script>
<Script type = "text/javascript" src = "@ Url. Content ("~ /Scripts/tinymce/jquery. tinymce. js ")"> </script>
<Script language = "javascript" type = "text/javascript">