ASP .NET MVC – Validate Request problem
As I said in my previous post, I’m working on an ASP .NET project and I’m learning new things about this technology.
I had to integrate a WYSIWYG editor in my project, and after doing that I got the classic ‘A potentially dangerous Request.Form value was detected from the client’ exception at runtime. This error appears because I tried to post a string that was recognized by the server as a potential cross-site scripting attack. In classic ASP .NET, in order to resolve this problem, you can either encode the string and decode it back when using it, or you can add ValidateRequest="false" to your Page directive.
So I went for the second choice, but I was still having the same problem. After a little digging on Google I found what the actual problem was. In ASP .NET MVC, all request validation is performed at the controller level. That’s quite logical, because when the controller is executing we don’t know which view is going to be rendered. Additionally, if a user posts a malicious script, by the time the view is rendered it’s too late to do anything about it. So in order to resolve the problem you have to decorate your controller or action with the attribute [ValidateInput(false)]. This tells MVC to suppress request validation for that controller or action.
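
An added example (not code from the original post) of scoping [ValidateInput(false)] to the single action that receives the editor's markup and sanitizing that markup, since the framework no longer checks it. ArticleController, ArticleViewModel and the "Preview" view are hypothetical names, and the third-party HtmlSanitizer NuGet package (namespace Ganss.Xss) is an assumed dependency.

```csharp
using System.Web.Mvc;
using Ganss.Xss; // third-party HtmlSanitizer NuGet package (assumed dependency)

// Hypothetical view model for the page that hosts the WYSIWYG editor.
public class ArticleViewModel
{
    public string Title { get; set; }
    public string BodyHtml { get; set; }
}

// Hypothetical controller: only the action that receives editor markup opts out.
public class ArticleController : Controller
{
    [HttpGet]
    public ActionResult Edit()
    {
        return View(new ArticleViewModel());
    }

    // Request validation is switched off for this one action. Every other
    // action on the controller still rejects markup in posted values.
    [HttpPost]
    [ValidateInput(false)]
    public ActionResult Edit(string title, string bodyHtml)
    {
        if (string.IsNullOrEmpty(bodyHtml))
        {
            ModelState.AddModelError("bodyHtml", "The article body is required.");
            return View(new ArticleViewModel { Title = title });
        }

        // With validation off, both fields arrive unchecked. The editor markup
        // goes through an allow-list sanitizer, which keeps formatting tags and
        // drops script elements, event-handler attributes and javascript: URLs.
        var sanitizer = new HtmlSanitizer();
        string safeBody = sanitizer.Sanitize(bodyHtml);

        // The title is plain text: keep it raw here and HTML-encode it where
        // the view writes it out (Html.Encode or the encoding view syntax).
        var model = new ArticleViewModel { Title = title, BodyHtml = safeBody };
        return View("Preview", model); // "Preview" is a hypothetical view name
    }
}
```

Placing the attribute on the action rather than on the controller class keeps request validation active for every other action.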