Home/ Questions/Q 8117163
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-06T04:04:24+00:00

In my controller i had given [ValidateInput(false)] for that particular Action in my return

  • 0

In my controller i had given [ValidateInput(false)] for that particular Action
in my return view i also appended the search keyword also
my search keyword is < html

my url looks like
domainname/Clients?search=< html

In my view 

if (Request.QueryString.AllKeys.Contains("search"))
{
 string  search = Request.QueryString["search"].ToString();
}

then showing error

A potentially dangerous Request.QueryString value was detected from the client (search=”< html”).
How can i correct this error in my razor view ?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You need to set the requestValidationMode to 2.0 in your web.config:

    <httpRuntime requestValidationMode="2.0" />

    Or use view models and the [AllowHtml] attribute in which case you are only allowing those characters for the given property:

    public class SearchViewModel
{
    [AllowHtml]
    public string Search { get; set; }
}

    and the controller action:

    public ActionResult Search(SearchViewModel model)
{
    if (!string.IsNullOrEmpty(model.Search))
    {
        string search = Model.Search;
    }

    ...
}

    In this case you don’t need neither the [ValidateInput(false)] attribute, nor the requestValidationMode="2.0" in your web.config.

    And hey, in addition to that you no longer need the magic strings in your controller action 🙂 You are working directly with models. Cool, isn’t it?

    • 0