ddl autopostback and validators

[Guest]

Hello,

I have an web application that has a page with one dropdownlist
(AutoPostBack property is True), and some textboxes associated with regular
expression validators that avoid html tags. My problem is when I fill one of
these textbox with wrong data, like "<html>", and change the value of my ddl.
It generates a postback, but the page generates an error, about these data on
the textboxes. Can anyone help me to handle this?

Thanks

 

[Peter Blum]

I suspect that you are getting an exception page about illegal values that
were submitted. ASP.NET 1.1 protects you against Cross-site Scripting
attacks, which are a nasty ways hackers take over your web site and harm
your users. When the page's validateRequest property is set to true (which
is the default), anything that looks like an HTML tag causes this error. You
have to turn off the protection of validateRequest by setting <@ Page
validateRequest="false">.

You can learn more about this by reading the User's Guide to Visual Input
Security (http://www.peterblum.com/vise/home.aspx). It is a system that
provides even better security against hackers including allowing you to
replace the validateRequest attribute with something that can be setup on a
field-by-field basis. You can download the product's trial version for free
and read the User's Guide.

--- Peter Blum
www.PeterBlum.com
Email: (e-mail address removed)
Creator of "Professional Validation And More" at
http://www.peterblum.com/vam/home.aspx