.Net Jonesie - MVC Release Candidaite 1

Monday, February 02, 2009

MVC Release Candidaite 1 - an issue for me by Peter

Microsoft have release ASP.Net MVC RC 1 last week - twice. The first release was quickly refreshed to fix some issues so if you downloaded early last week, you may need to get the download again. Check here.

I have had a quick attempt to upgrade my 1 project and it all worked pretty sweetly and the upgrade process was very SIMPLE.

However. Several of my crud views use FckEditor for long text fields. A post-pack of these views triggers page validation:

A potentially dangerous Request.Form value was detected from the client

Normally, turing off page request validation in the page and / or web.config will fix this :

but for me and others (see comments at Phil Haack link above) this does not help.

So, looks like I will be rolling back to the beta until this is resolved.

Update:

RTFB! http://haacked.com/archive/2009/02/07/take-charge-of-your-security.aspx. I haven't tried this yet, but it is almost certainly the solution.

Monday, February 02, 2009 9:42:02 AM (New Zealand Daylight Time, UTC+13:00)

Comments [1] General |

Wednesday, February 11, 2009 3:11:41 PM (New Zealand Daylight Time, UTC+13:00)

Not sure if you found the answer to this yet, but I had the same problem. Essentially the validateRequest attribute no longer should be set on the pages for MVC, but instead should be set on the controller (which makes sense since the controller is what processes the submission now and not the page). So put a [ValidateRequet=false] attribute on your controller class (or on just a single action whichever you prefer) and you should be all set. I have a bit more detail in the home page link I provided.

Artie

Comments are closed.