I have implemented custom ActionFilterAttribute
to create custom web access log and OnActionExecuted
I try to access ActionExecutedContext.HttpContext.Request.Form
collection using Request.Form.GetValues("key")
i get this error:
A potentially dangerous Request.Form value was detected from the client (Aplications[0].Name="...."
because in my submitted form inputs contains HTML code.
I don't want to disable some .net MVC integrated security using validateRequest="false"
and also I can't set to all my input or actions [AllowHtml]
or ValidateInput(false)
because my action filter catch all my controllers.
I found a hack solution but is no other option?
using (var reader = new StreamReader(request.InputStream))
{
var content = reader.ReadToEnd();
var inputsNameValueCollection = HttpUtility.UrlDecode(content).Split('&');
foreach (string input in inputsNameValueCollection)
{
var inputNameValue = input.Split('=');
var inputName = nameValue[0];
var inputValue = nameValue[1];
}
}