Disabling request validation in ASP.NET Web Pages
If you are developing ASP.NET Web Pages (not Web Forms or MVC) and you need to allow users to submit HTML or HTML-like content in input boxes you will find that the methods to avoid the A potentially dangerous Request.Form value was detected from the client error that work for ASP.NET Web Pages and MVC don't work for ASP.NET Web Pages.
For Web Pages you need to change the way you retrieve the submitted data and use the Request.Unvalidated() method.
These are the methods for retrieving submitted values and how you should change them to allow HTML data:
Request["key"] //will not allow HTML
Request.Unvalidated("key") //will allow HTML
Request.Form["key"] //will not allow HTML
Request.Unvalidated().Form["key"] //will allow HTML
Request.QueryString["key"] //will not allow HTML
Request.Unvalidated().QueryString["key"] //will allow HTML
If you are using ASP.NET Web Forms you can make a change in the web.config and/or indivudual pages to allow HTML values to be submitted.
On the individual page level you can add validateRequest="false" to your <@ Page ... %> directive in your .aspx file(s).
If targetting .NET framework 4 you will also need to add <httpRuntime requestValidationMode="2.0" /> to the system.web section of the web.config file:
You can also disable request validation for all pages by adding <pages validateRequest="false" /> to the system.web section of the web.config file.
<httpRuntime requestValidationMode="2.0" />
<pages validateRequest="false" />
by John Avis | August 18, 2020
I have an old website written in ASP.NET v4.x Web Pages v126.96.36.199 and when I upload changes to my shared hosting provider some cshtml files update fine and I can see the changes, but some do not.
by John Avis | July 17, 2013
ASP.NET Web Pages has a simple to use Namespace that help you open, query and send commands to a database, and to work with rows that are returned by SQL queries.