Saving text with HTML tags in MVC3

While working on a project I came across a problem saving data to the database. The data I was trying to save contained HTML tags. I created this web page using Entity Framework for data access and an auto-generated controller for the add admin page. This is a really nice feature of MVC3 and Visual Studio 2010, and you can use it for rapid development. I will write a post on this feature soon.

Coming back to the problem: while trying to save HTML I got the following error:

A potentially dangerous Request.Form value was detected from the client (Preq="<li>Hardware and Sof…").

I searched the web and found that most of the solutions offered for this error disable request validation through web.config. I do not agree with that solution, as it would allow users to save HTML in any request, and it increases the possibility of SQL injection attacks.

To solve this I set ValidateInput to false only for that one controller method. Let's say your method is named CreateArtical and it saves data to the database, and one column of the incoming request contains HTML tags. Your method will look like this:

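// Requires: using System.Web.Mvc;
// Request validation is switched off for this action only, not site-wide.
[HttpPost, ValidateInput(false)]
public ActionResult CreateArtical(Articals model)
{
    if (ModelState.IsValid)
    {
        // Dispose the context once the save completes.
        using (ArticalEntities db = new ArticalEntities())
        {
            db.Artical.Add(model);
            db.SaveChanges();
        }
    }
    return View(model);
}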
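ValidateInput(false) still turns validation off for every field posted to that action, and whatever is saved will later be rendered as markup. The following is an added example, not code from the original post: it narrows the exemption to the single Preq property with MVC3's [AllowHtml] and reduces the value to a short tag allowlist before saving. ArticalInput, HtmlAllowlist, the tag list and the assumption that Articals has a string Preq property are hypothetical.

```csharp
using System.Text.RegularExpressions;
using System.Web;
using System.Web.Mvc;

// Hypothetical input model: only Preq (the field named in the error) may carry markup.
// Any other property added here keeps normal request validation.
public class ArticalInput
{
    [AllowHtml]   // MVC3 attribute: skips request validation for this property only
    public string Preq { get; set; }
}

// Hypothetical helper: encode everything, then restore a short allowlist of bare tags.
public static class HtmlAllowlist
{
    // Constructed allowlist; matches the encoded form of attribute-free tags only.
    private static readonly Regex Allowed = new Regex(
        @"&lt;(/?)(ul|ol|li|p|b|i|em|strong)&gt;", RegexOptions.IgnoreCase);

    public static string Sanitize(string input)
    {
        if (string.IsNullOrEmpty(input)) return string.Empty;
        string encoded = HttpUtility.HtmlEncode(input);
        // "<li>" comes back as a tag; "<script>" or "<li onclick=...>" stays encoded text.
        return Allowed.Replace(encoded,
            m => "<" + m.Groups[1].Value + m.Groups[2].Value.ToLowerInvariant() + ">");
    }
}

public class ArticalController : Controller
{
    [HttpPost]   // no ValidateInput(false): every other posted field is still checked
    public ActionResult CreateArtical(ArticalInput input)
    {
        if (!ModelState.IsValid) return View(input);

        using (var db = new ArticalEntities())
        {
            // Assumes the Articals entity exposes Preq as a string property.
            db.Artical.Add(new Articals { Preq = HtmlAllowlist.Sanitize(input.Preq) });
            db.SaveChanges();
        }
        return View(input);
    }
}
```

Because the stored value has already been reduced to the allowlisted tags, the view that displays it can output it with Html.Raw; every other field should keep Razor's default encoding.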
