Validation detected dangerous client input - post from TinyMCE in ASP.NET

Question

I get this error when I post from TinyMCE in an ASP.NET MVC view.

Error:

Request Validation has detected a potentially dangerous clien

Answer 1

I had the same problem. I didn't want to disable ASP.NET MVC validation feature, so I kept looking until I reached this solution:

At the tinyMCE plugin code encode your content (I'm using the older version)

tinyMCE.init({
   ...
   encoding: "xml"
});

And after this I didn't get any more the application validation error. Then I came up with another problem when I edited my form the code would come up with the html tags

My input value

instead of this

My input value

So, I had to decode the html for that field when getting my values at the Controller, like this:

...    
entity.field = HttpUtility.HtmlDecode(entity.field);