potentially dangerous Request.Form value was detected

S

Steve Richter

getting this "potentially dangerous Request.Form value was detected"
exception with a textbox which I have populated with some source
code. I think I am getting the exception when I click OK on the web
page, but that is one of my question, so I am not sure ;)

I am reading how to disable request validation,
http://www.asp.net/faq/RequestValidation.aspx#5

but I dont want to do that. I would rather catch the exception. But I
guess that is not workable because at the time the validation
exception is thrown, the individual control with the invalid data is
not yet know. correct?

should I Server.HtmlEncode the data I put in the textbox before
posting to the browser? If I do that the data will display in encoded
form ( correct? ) and I dont want that.

how do I accept textbox input from a form that fails RequestValidation
without disabling that validation?

thanks,

-Steve
 
B

bruce barker

request validation is looking for script and html attacks. so typing a
"<" or "&#" in a textbox will fire this error on postback. each control
checks this when it loads the postback data. as this is a page event,
you can only catch the error with a global error handler.

if validation is on, you should never set Text of a webcontrol to these
character. if you htmlencode, the browser will convert to the correct
values, but will cause a postback error.

there is no way to display these values in a textbox and postback unless
you turn off validation.

-- bruce (sqlwork.com)
 
S

Steve Richter

request validation is looking for script and html attacks. so typing a
"<" or "&#" in a textbox will fire this error on postback. each control
checks this when it loads the postback data. as this is a page event,
you can only catch the error with a global error handler.

if validation is on, you should never set Text of a webcontrol to these
character. if you htmlencode, the browser will convert to the correct
values, but will cause a postback error.

there is no way to display these values in a textbox and postback unless
you turn off validation.
Click to expand...

ok. thank you.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

A potentially dangerous Request.Form value was detected from the client 2
A potentially dangerous Request.Form value was detected from the client 2
potentially dangerous Request.Form value was detected 1
Potentially dangerous script - urgent! 6
Problem on display many XML files in web broswer IE 6
Request.Form error in asp.net 1
Problem in Accepting Xml Data in TextBox 3
Potentially dangerous Request.Form value for Cancel button Click 1

Top