Error on inputting data

[Aaron]

Hello,

I'm getting this error. ASP/VB2005

A potentially dangerous Request.Form value was detected from the client
(txtComments....

1. Add a "Debug=true" directive at the top of the file that generated the
error. Example:

<%@ Page Language="C#" Debug="true" %>

or:

2) Add the following section to the configuration file of your application:

<configuration>
<system.web>
<compilation debug="true"/>
</system.web>
</configuration>


I have done both of this items, together and seperately and still get the
errors.

Help!

TIA

 

[Guest]

You have invalid markup in there that's failing request validation. That's a
security feature, disable with:

<%@ page validaterequest="True"....

or in web.config with the <pages element for all pages.


Peter

 

[Aaron]

Peter,

The error is still coming on with your options--how can I get < > to get
thru easily.


Aaron

 

[Peter Blum]

Hi Aaron,

I think Peter meant to type:
<% @ Page validaterequest="false" ...
(he used "true")

Validaterequest affects all fields, cookies, querystring parameters and
hidden fields on the page. They are all protected until validaterequest is
set to false. If you want to maintain security against cross site scripting
attacks but allow certain HTML-like character strings through a specific
field, you need a different solution. I built one called VAM: Visual Input
Security: http://www.peterblum.com/vise/home.aspx. It gives you validators
that can monitor the entire page plus let you define rules specific to
individual fields so they can allow tags that are not allowed elsewhere on
the page. It also protects against SQL Injection and brute force attacks.

--- Peter Blum
www.PeterBlum.com
Email: (e-mail address removed)
Creator of "Professional Validation And More" at
http://www.peterblum.com/vam/home.aspx