ASP.Net 4.0 BlogEngine.Net A potentially dangerous Request.Form value

This one related to page save error in BlogEngine.net running under .Net 4.0. When saving edited content in the Administration screen you may get this error.

Raw Url : /admin/Pages/Pages.aspx?id=6a2f6007-b224-48f3-94f9-0b4af750668f
Message : A potentially dangerous Request.Form value was detected from
the client (ctl00$cphAdmin$txtContent$TinyMCE1$txtContent=". 

ASP.Net validates page request data to protect against any possible XSS attacks. In ASP.Net 2.0, request validation is enabled for only ASP.Net pages and validated when those pages are executing. Whereas in ASP.Net 4.0, by default request validation is enabled for all requests. As a result validation applies to not only to ASP.Net pages but also to the Web service calls, Http handlers etc.. To prevent this error simply revert ASP.Net behaviour back to 2.0. To do this, add a configuration element in Admin Web.Config.

<httpRuntime requestValidationMode="2.0" /

Leave a Reply

Your email address will not be published. Required fields are marked *