Potentially Dangerous Request

This error is one that most will get frequently. It goes something like this: A potentially dangerous Request.Form value was detected from the client (NumberOfTigersSent="<a"). Or, if you would prefer a screenshot...

Screenshot of the potentially dangerous request error.

I get this a lot.

This particular error was thrown on the Tigers Assault the Monkeys sample by putting "<a" into the input field and hitting the submit button. I left the flaw in the code there so you can go try it out for yourself so go ahead. I'll wait.

This error is a built-in security mechanism in ASP.NET. This keeps the site's user from being able to submit potentially harmful/hackish code back to the server. There are times to turn this off, such as an html comment form. But this is not a bug. This is good.

If you do want to turn it off, though, the solution is simple: add an attribute.

    [AcceptVerbs(HttpVerbs.Post)]
    [ValidateInput(false)]
    public ActionResult TigersAssaultTheMonkeys(int? numberOfTigersSent)
    {
    ...
    }

By adding [ValidateInput(false)] you tell ASP.NET not to throw that error. Problem solved.