A potentially dangerous Request.Form


Share post:

A potentially dangerous Request.Form value was detected from the client |
CKEditor Error | FCKeditor1 | validateRequest=”false”

This is a typical error many times found by ASP.NET developers. In this post, we’ll see a few ways to stop it, both in Web Forms and in MVC. This error occurs mainly because HTML is found in the data submitted on the Web server. By default all inputs are reviewed for validation so that our web application has a simple defence against XSS attacks.

Error Description

ASP.NET has found potentially unsafe data in the request and it may contain the HTML markup or script. This explanation of the error implies any HTML markup or script entered which can be harmful for the server.


This error will come when you are using third paty tool like TinyMCE, ckEditor, etc. I am using CKEditor multiline text box. When i am sending any server request then i am geting this error “a potentially dangerous request.form value was detected“. If you click on any button or do some postback operation this error will come. 

Problem Details

ASP.Net input controls are checked by default for potentially inappropriate contents that may trigger Cross Site Scripting and SQL Injection attacks.

The ValidateRequest setting that is TRUE defaults to allow the above-mentioned exemption for malicious content.

The ValidateRequest setting in TRUE should then be required to allow validation on each ASP.Net request.


We can solve this problem at page level in web forms and using web config.

At Page Level

Simply write validateRequest = false in <% @ Page % > @ directive which is the first line of page aspx. To prevent validation of the submission, I made the following changes to the existing “page” directive in that .aspx file.

This will disable the validation of requests for the page you have set the ValidateRequest setting to FALSE.

<%@ Page Language="C#" AutoEventWireup="true" ValidateRequest="false" %>

Must Read SQL – https://kordinate.world/software-development/ms-sql/

At Application Level – In Web.Config

You can disable the ValidateRequest setting for full application by setting it to FALSE in the System.Web section of Web.Config as shown below.

    <pages validateRequest="false" />  
    <httpRuntime requestValidationMode="2.0"/>

If your web application is an ASP.NET MVC project and you wish to prevent validation of the page for a particular view, you can apply this property to its controller

[Post, ValidateInput(false)]
public ActionResult XYZ(...) {

In MVC, you can explicitly specify the properties you wish to remove from the validation phase on your platform.

[HttpPost, ValidateInput(true, Exclude = "FieldName")]
public virtual ActionResult xyz(...)

Another solution to enabling HTML content is to place at the Model.

public string propertyName { get; set; }

Important Links

you can refer to following links which explains same issue “A potentially dangerous Request.Form


Raushan Kumar
A Cook, Software analyst & Blogger.


Please enter your comment!
Please enter your name here

More from Author

The 6 Best Ways to Improve Agent Performance

Phone calls are the most common way companies use to interact with their customers. That means your company's...

Mister Mummy Movie Download Available on Tamilrockers and Telegram Channel

Mister Mummy Movie has been leaked by Telegram and other torrent sites in 1080p, 720p and 480P. Here's...

Drishyam 2 Movie Download Available on Tamilrockers and Other Torrent Sites

Drishyam 2 Movie has been leaked by Telegram and other torrent sites in 1080p, 720p and 480P. Here's...

Enola Holmes 2 Movie Download Available on Tamilrockers and Telegram to Watch Online

Enola Holmes 2 Movie has been leaked by Telegram and other torrent sites in 1080p, 720p and...