C#
When I edit my username to an HTML tag or XML tag, it generates an exception like:

`potentially dangerous Request.Form` in `filterContext.HttpContext.Request.Params["key"];` 

But I have mentioned `[ValidateInput(false)]`. Why is it not handled in the `MyFilter` class?


----------


Following is my code:


**FilterConfig.cs**:

    public class FilterConfig
    {
        public static void RegisterGlobalFilters(GlobalFilterCollection filters)
        {
            filters.Add(new MyFilter());
        }
    }

**MyFilter.cs**:

    public class MyFilter : IAuthorizationFilter
    {
        public void OnActionExecuted(ActionExecutedContext filterContext)
        {
            SessionDataManagement.BackupCurrent();
        }

        public void OnAuthorization(AuthorizationContext filterContext)
        {
            string requestID = filterContext.HttpContext.Request.Params["key"];
        }
    }

**MyController.cs**:

    public class CompanyController : BaseController
    {
        [HttpPost]
        [ValidateAntiForgeryToken]
        [ValidateInput(false)]
        public ActionResult Edit(Class1 objCompany)
        {
            //Logic
        }
    }

**Class1.cs**:

    public class Class1
    {
        [Required]
        [AllowHtml]
        [StringLength(200)]
        public string UserName { get; set; }
    }


This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
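
An added example, not part of the original post: `[ValidateInput(false)]` and `[AllowHtml]` govern MVC model binding, while a direct read of `Request.Params` in a filter still request-validates the whole collection. The sketch below reads only `key` through `Request.Unvalidated` (assumes .NET 4.5 or later) and then checks it itself; the `KeyPattern` format, the 400 response and the `"RequestId"` item name are assumptions, since the post does not say what `key` holds.

```csharp
using System.Text.RegularExpressions;
using System.Web.Mvc;

public class MyFilter : IAuthorizationFilter
{
    // Assumed format for "key" (hypothetical): short, URL-safe token.
    private static readonly Regex KeyPattern =
        new Regex(@"\A[A-Za-z0-9_-]{1,64}\z", RegexOptions.CultureInvariant);

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        // Request.Params merges QueryString, Form, Cookies and ServerVariables,
        // and reading it request-validates those values. An HTML UserName in
        // the posted form therefore throws here even though the action is
        // marked [ValidateInput(false)].
        // Unvalidated returns raw values without triggering that check.
        var raw = filterContext.HttpContext.Request.Unvalidated;
        string requestId = raw.QueryString["key"] ?? raw.Form["key"];

        // The value is now unvalidated input: check it explicitly before use.
        if (requestId != null && !KeyPattern.IsMatch(requestId))
        {
            filterContext.Result = new HttpStatusCodeResult(400, "Invalid key");
            return;
        }

        // Hand the checked value to later stages (item name is an assumption).
        filterContext.HttpContext.Items["RequestId"] = requestId;
    }
}
```

Request validation stays on for every other direct read, and `UserName` still has to be HTML-encoded wherever it is rendered, because `[AllowHtml]` lets markup through to the model.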