I have a textbox in a web form where an admin user can add HTML to be submitted for entry into the database.
In the past, I've always added ValidateRequest="false" to the Page when submitting HTML data to avoid validation error. However, with this website, even with ValidateRequest set to false, I'm getting the following error:
A potentially dangerous Request.Form value was detected from the client
I've heard this is to do with .NET 4 security, but this is an ASP.NET 3.5 application.
Why am I still getting this error?
RequestValidation has significant changes in .Net 4.0.
Take a lot at: http://msdn.microsoft.com/en-us/library/system.web.configuration.httpruntimesection.requestvalidationmode(VS.100).aspx
To solve your problem you have to set requestValidationMode to a value less than 4.0 in httpRuntime in weh.config like this:
<httpRuntime requestValidationMode="2.0" />