CKEditor: A Potentially Dangerous Request.Form Value Was Detected From the Client

This solution does not require you to set
<httpRuntime requestValidationMode="2.0"/> in web.config
or to add the [ValidateInput(false)] attribute to your action.

I’m using MVC2 ASP.NET 4.0 and Entity Framework.

Here we go:

1. In the CKEditor config.js file:

CKEDITOR.editorConfig = function (config) {
    config.language = 'en';
    // Set the option on config; a bare assignment would create a global variable instead
    config.ignoreEmptyParagraph = true;
};

2. In your aspx page, include:

<script type="text/javascript" src="<%= Url.Content("~/Content/scripts/wysiwyg/ckeditor.js")%>"></script>

3. Now let’s say that your View is strongly typed.

<% using (Html.BeginForm()) {%>
   <%: Html.ValidationSummary(true) %>
   <fieldset>
   <legend>Fields</legend>
            <div>
                <%: Html.TextBoxFor(model => model.Title) %>
                <%: Html.ValidationMessageFor(model => model.Title) %>
            </div>
            <div>
                <%: Html.LabelFor(model => model.Description) %>
            </div>
            <div>
                <%-- Instead of
                <%: Html.TextBoxFor(model => model.Description) %>
                 use: --%>
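                <%-- Encode the stored HTML so it cannot close the textarea early; the browser decodes it back for CKEditor --%>
                <textarea id="Description" name="Description" rows="2"><%: Model.Description %></textarea>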
                <%: Html.ValidationMessageFor(model => model.Description) %>
            </div>
            <p>
                <input type="submit" value="Save" />
           </p>
   </fieldset>
 <% } %>

<script type="text/javascript">
    CKEDITOR.replace('Description', { toolbar: '1', htmlEncodeOutput: true});
</script>

 

4. Your action will look like this:

[HttpPost]
public ActionResult Create(MyModel model)
{
    if (ModelState.IsValid)
    {
        // CKEditor posted the HTML entity-encoded (htmlEncodeOutput: true);
        // use System.Net.WebUtility.HtmlDecode() to store unencoded HTML.
        // The decoded value is untrusted markup that request validation never inspected.
        model.Description = System.Net.WebUtility.HtmlDecode(model.Description);
        var entity = EntityAssemblerService.MyModelToEntity(model);
        var result = _repository.Add(entity);
        _repository.Save();
        return View(model);
    }
    else
    {
        return View(model);
    }
}
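
The round trip that steps 3 and 4 rely on, as an added example (not code from the original post): htmlEncodeOutput entity-encodes the editor HTML so the posted value passes request validation, and the action decodes it exactly once. The function names are hypothetical, and looksDangerous only approximates the ASP.NET 4 request-validation rule.

```javascript
// Added example: models the encode -> validate -> decode round trip.
// Function names are hypothetical; looksDangerous() approximates ASP.NET 4
// request validation and is not the framework's code.

// What htmlEncodeOutput does to the editor HTML before the form is posted.
function encodeForPost(html) {
  return html.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Approximation of the request-validation rule: reject "<" followed by a
// letter, "!", "/" or "?", and reject "&#".
function looksDangerous(value) {
  return /<[a-zA-Z!\/?]|&#/.test(value);
}

// Stand-in for WebUtility.HtmlDecode, limited to the three entities the
// editor emits. "&amp;" is decoded last so "&amp;lt;" becomes "&lt;", not "<".
function decodeOnce(value) {
  return value.replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&amp;/g, '&');
}

// Follows one editor value through the browser, the validator and the action.
function roundTrip(editorHtml) {
  const posted = encodeForPost(editorHtml);
  return {
    rawBlocked: looksDangerous(editorHtml),   // what happens without the option
    postedBlocked: looksDangerous(posted),    // what happens with it
    posted,
    stored: decodeOnce(posted),               // what the action saves
  };
}

// Constructed sample inputs.
const formatted = '<p>Hello <strong>world</strong></p>';
const scripted = '<p>Hi</p><script>alert(1)</script>';
const literalText = '<p>Use &lt;b&gt; for bold</p>'; // user typed "<b>" as text

for (const sample of [formatted, scripted, literalText]) {
  console.log(roundTrip(sample));
}
```

The second sample comes back from the decode as the same markup the editor held, script element included, so the decoded value needs allow-list sanitization before it is stored or rendered unencoded. The third sample shows why the action must decode only once: a second decode would turn text the user typed into live markup.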

Good Luck

  • yuriboy

    thankz! it helps me a lot…

  • John Ortega

    This article showed me some things and reminded of some of the config options for CKEditor that came in very useful for me.  Thank you.

  • http://www.thoughtresults.com Saeed Neamati

    I did what you explained here. But it didn’t work. I’m using ASP.NET Web Forms. Are you saying that the problem is that we shouldn’t use CKEditor user control?

    • Anonymous

      Do you still get this error message? This solution is for ASP.NET MVC but I guess it will work for Web Forms too.  Just stick the textbox control, name it and add class name to it. 