I used ckeditor for getting text from user. this field name is "Body" and in model is allowhtml. For encrypted hidden redux used like this
and i have an error : A potentially dangerous Request.Form value was detected from the client error is in DecryptingControllerFactory :
public class DecryptingControllerFactory : DefaultControllerFactory
{
private readonly IEncryptSettingsProvider _settings;
public DecryptingControllerFactory()
{
_settings = new EncryptSettingsProvider();
}
public override IController CreateController(System.Web.Routing.RequestContext requestContext, string controllerName)
{
var parameters = requestContext.HttpContext.Request.Params;
var encryptedParamKeys = parameters.AllKeys.Where(x => x.StartsWith(_settings.EncryptionPrefix)).ToList();
IRijndaelStringEncrypter decrypter = null;
foreach (var key in encryptedParamKeys)
{
if (decrypter == null)
{
decrypter = GetDecrypter(requestContext);
}
var oldKey = key.Replace(_settings.EncryptionPrefix, string.Empty);
var oldValue = decrypter.Decrypt(parameters[key]);
if (requestContext.RouteData.Values[oldKey] != null)
{
if (requestContext.RouteData.Values[oldKey].ToString() != oldValue)
throw new ApplicationException("Form values is modified!");
}
requestContext.RouteData.Values[oldKey] = oldValue;
}
if (decrypter != null)
{
decrypter.Dispose();
}
return base.CreateController(requestContext, controllerName);
}
private IRijndaelStringEncrypter GetDecrypter(System.Web.Routing.RequestContext requestContext)
{
var decrypter = new RijndaelStringEncrypter(_settings, requestContext.GetActionKey());
return decrypter;
}
}
and error is this line :
var parameters = requestContext.HttpContext.Request.Params;
Error:An exception of type 'System.Web.HttpRequestValidationException' occurred in System.Web.dll but was not handled in user code
Additional information: A potentially dangerous Request.Form value was detected from the client how to solve this problem?