Vulnerability in EPiServer.Forms
I use ASP.NET MVC project with CMS 7.5. I created XForm in CMS with one field TextArea. When user type the characer '<'>'> into the input field and submit the form he get the YSOD with error message "A potentially dangerous Request.Form value was detected from the client...". According to the documentation I'd expect the XForm custom error "You have entered characters that are not permitted ("<" or ">").""> (lang translation key /xform/datatypes/defaulttype/inlineerrormessage).
Why the XForm error message is not rendered, but I can see the unhandled exception?
You have probably fixed this, but how does your web.config look like, the error you are getting is issued prior to XForm logic being executed? You need to disable the general validation from web.config file, if you haven't already?
These are the settings normally: validateRequest="false" and <httpRuntime requestValidationMode="2.0" />
Do you still get the error even with these?