9 April 2009

ASP.NET Error: A potentially dangerous Request.Form value was detected from the client

Error:

A potentially dangerous Request.Form value was detected from the client

Scenario:

When you put HTML tags in your form fields (textbox, textarea) like


Cause:

This is for security reasons. Request validation prevents users from injecting HTML or other scripts through form fields. The .NET Framework throws an error when it detects any HTML statement in the text entered. In fact, it throws an error whenever it detects anything with opening and closing angle brackets ("<...>"). This feature was added in the .NET 1.1 framework. It was not present in the .NET 1.0 framework.

Solution:

There are two possible solutions.

1) Globally turn request validation off

For this, you have to add the following to your web.config file within the section.

This will turn off request validation for every page in your application.

2) Turn request validation off for particular pages

If you don’t want to turn off request validation for every page in your application, then you can go with this option.

You can turn request validation off for just the page that needs it. To do this, add the attribute ValidateRequest="false" to the Page directive at the top of the page on which you want users to be able to input HTML and script tags.

Open your form page in code view.

Look at the top line.

It might contain code like:

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Add.aspx.cs" Inherits="Article.Admin_Article_Add" Title="Article Management | Add" %>

You have to add ValidateRequest="false" to it. The code should now look like:

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Add.aspx.cs" Inherits="Article.Admin_Article_Add" Title="Article Management | Add" ValidateRequest="false" %>

Now, you will be able to add HTML and script tags through this particular page.

#2 is a better solution than #1, but it depends on your needs and requirements :).
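
Once a page runs with ValidateRequest="false", the framework no longer rejects markup, so the page has to neutralise it before displaying what was submitted. The following is an added example, not code from the original post: it HTML-encodes the whole input and then restores a small allow-list of plain formatting tags. The class name ArticleHtml, the method ToSafeHtml and the tag list are assumptions.

```csharp
using System;
using System.Net;
using System.Text;

// Added example (hypothetical names), not part of the original post.
public static class ArticleHtml
{
    // Assumption: the only formatting tags article authors need.
    private static readonly string[] AllowedTags = { "b", "i", "p", "br" };

    // Encode everything first, then restore only bare allow-listed tags.
    // Tags that carry attributes (onclick, style, href...) never match the
    // exact encoded form below, so they stay encoded and render as text.
    public static string ToSafeHtml(string raw)
    {
        if (string.IsNullOrEmpty(raw)) return string.Empty;

        var sb = new StringBuilder(WebUtility.HtmlEncode(raw));
        foreach (string tag in AllowedTags)
        {
            sb.Replace("&lt;" + tag + "&gt;", "<" + tag + ">");
            sb.Replace("&lt;/" + tag + "&gt;", "</" + tag + ">");
        }
        return sb.ToString();
    }

    public static void Main()
    {
        // Constructed sample input, as it might arrive from the form field.
        string posted = "<p>Hello <b>world</b></p>"
                      + "<script>alert(1)</script>"
                      + "<b onclick=\"x()\">click</b>";

        // The <p> and <b> tags survive; the script element and the tag
        // with an event-handler attribute come out encoded.
        Console.WriteLine(ToSafeHtml(posted));
    }
}
```

In the page's code-behind, call ToSafeHtml on the stored text at the point where it is written into the response, not only when it is saved.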

php magento mukesh chapagain
