CKeditor A potentially Dangerous Request.Form Value Was Detected From The Client

Thursday 26th, May 2011 / 13:07 Written by

This solution does not require to use:
<httpRuntime requestValidationMode=”2.0″/> in web.config
or add attribute [ValidateInput(false)] to your action.

I’m using MVC2 ASP.NET 4.0 and Enitity Framework

Here we go:

1. In CKeditor config.js file

CKEDITOR.editorConfig = function (config) {
config.language = 'en',
ignoreEmptyParagraph = true;};

2. In your aspx page  include:

<script type="text/javascript" src="<%= Url.Content("~/Content/scripts/wysiwyg/ckeditor.js")%>"></script>

3. Now let’s say that your View is strongly typed.

<% using (Html.BeginForm()) {%>
   <%: Html.ValidationSummary(true) %>
                <%: Html.TextBoxFor(model => model.Title) %>
                <%: Html.ValidationMessageFor(model => model.Title) %>
                <%: Html.LabelFor(model => model.Descripcion) %>
                <%-- Instead of
                <%: Html.TextBoxFor(model => model.Description) %>
                 use: --%>
                <textarea id="Description" name="Description" rows="2">
                     <%= Model.Description %>
                <%: Html.ValidationMessageFor(model => model.Description) %>
                <input type="submit" value="Save" />
 <% } %>

<script type="text/javascript">
    CKEDITOR.replace('Description', { toolbar: '1', htmlEncodeOutput: true});


4. Your action will look this:

public ActionResult Create(MyModel model)        {

if (ModelState.IsValid)            {
     // use System.Net.WebUtility.HtmlDecode() to store unencoded HTML
     model.Description =  System.Net.WebUtility.HtmlDecode(model.Description);
     var entity = EntityAssemblerService.MyModelToEntity(model);
     var result = _repository.Add(entity);
    return View(model);
else  {
return View(model);

Good Luck

, , , ,
  • yuriboy

    thankz! it helps me a lot…

  • John Ortega

    This article showed me some things and reminded of some of the config options for CKEditor that came in very useful for me.  Thank you.

  • Saeed Neamati

    I did what you explained here. But it didn’t work. I’m using ASP.NET Web Forms. Are you saying that the problem is that we shouldn’t use CKEditor user control?

    • Anonymous

      Do you still get this error message? This solution is for ASP.NET MVC but I guess it will work for Web Forms too.  Just stick the textbox control, name it and add class name to it. 

  • Pingback: cheap fast reliable elo boost euw eune turkey north america oceania()

  • Pingback: rinoplastica milano()

  • Pingback: phentermine()

  • Pingback: hampton bay ceiling fans()