terça-feira, 10 de julho de 2012

asp.net mvc 3 a potentially dangerous request.form value was detected fixed

Hi.




If you are getting the message below"a potentially dangerous request.form value was detected " , you can fix by adding the following code in your controller.

    [ValidateInput(false)]
    public class MyController: Controller
  {
        protected override void ExecuteCore()
        {

            NameValueCollection filteredQueryString = new NameValueCollection(Request.QueryString);
            PropertyInfo isreadonly = typeof(System.Collections.Specialized.NameValueCollection).GetProperty("IsReadOnly", BindingFlags.Instance | BindingFlags.NonPublic);
            isreadonly.SetValue(this.Request.QueryString, false, null);
            Request.QueryString.Clear();
            foreach (string key in filteredQueryString)
                Request.QueryString.Add(key, Server.HtmlEncode(filteredQueryString[key]));

            NameValueCollection filteredForms = new NameValueCollection(Request.Form);
            PropertyInfo isreadonlyForm = typeof(System.Collections.Specialized.NameValueCollection).GetProperty("IsReadOnly", BindingFlags.Instance | BindingFlags.NonPublic);
            isreadonlyForm.SetValue(this.Request.Form, false, null);
            Request.Form.Clear();
            foreach (string key in filteredForms)
                Request.QueryString.Add(key, Server.HtmlEncode(filteredForms[key]));
    }
}
Postar um comentário