{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 聊天终结者 的问题《A potentially dangerous Request.Form value was det》','https://www.manongdao.com/q-379297.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am also getting a request validation error when using WIF. I get correctly sent to the STS, but on the way back, I get this validation error.
I followed all the instructions.
<httpRuntime requestValidationMode="2.0" />
check!
[ValidateInput(false)]
check!
<pages validateRequest="false" >
check!
I tried a custom validator, but it never gets instantiated.
Error stack:
[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (wresult="trust:RequestSecuri...").]
System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +11396740
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) +82
System.Web.HttpRequest.get_Form() +212
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.IsSignInResponse(HttpRequest request) +26
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.CanReadSignInResponse(HttpRequest request, Boolean onPage) +145
Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +108
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +270
Any suggestions?
In MVC 3 (not sure about 2) you can add a global filter in global.asax.cs e.g.
That coupled with the following should allow all data in and display it correctly and safely I think:
in web.config and using (note colon):
or in Razor:
and in some cases in Javascript:
after this add
also in mvc3 there is an AllowHtml attribute
here are some useful links
ASP.NET MVC – pages validateRequest=false doesn’t work?
Why is ValidateInput(False) not working?
See this answer if you are running .NET 4.5 which takes advantage of an updated request validator built in to ASP.NET.
You can put both constructs together in the system.web section as per ASP.NET : A potentially dangerous Request.Form value was detected from the client.
Note that this is standard ASP.NET functionality. It is not connected to WIF.