C# ASP.NET MVC Manually Accessing Request.Form & Potentially Dangerous values

Question

I\'m serializing and saving form and query string data to a database for each user request. This particular submitted model already has the [AllowHtml] attribute and submit

Answer 1

Accessing values with Request.Form[] will trigger request validation (hence the exception). You can use the Unvalidated property of HttpRequest to get the request values without triggering validation.

Replace

Request.Form[k]

with

Request.Unvalidated.Form[k]

Use with caution - from the documentation:

Security Note: If you use this property, you must manually check the data for potential cross-site scripting attacks.