Error / Cause:
In .NET we have Request validation, which is a feature to prevent the server from accepting content from the client side containing un-encoded HTML. It helps to prevent client script-injection attacks submitted to a server for malicious intent. Even thought the intension of such feature is good, it can also cause some issues for us. For instance, I am trying to pass xml data in an input field and the Request validation is preventing the page from proceeding to the server.
Solution:
- When using up to .NET 2
- Two options:
- On the page you would like to run your un-encoded HTML, on the aspx page at the top (line 1 along with Page Language=”C#” ….) add:
ValidateRequest="false"
- Otherwise, if you would like to switch validation off globally for all pages, in your web.config under the system.web section add:
<pages validateRequest="false" />
- On the page you would like to run your un-encoded HTML, on the aspx page at the top (line 1 along with Page Language=”C#” ….) add:
- Two options:
- When using newer version of .NET
- First do the either of the about to turn off validation.
- In your web.config, find the HttpRuntime and set requestValidationMode to 2.0 as follows:
<httpRuntime requestValidationMode="2.0"/>
This should do the trick!