Request Validation

Hi guys,
I have a question regarding how to do request validation on user input.
We all know that in ASP.NET, when a user inputs something like <a>blah
blah</a>, by default it will throw an HttpRequestValidationException saying
"A potentially dangerous Request.Form value was detected from the client".
And this validation can be turned off in the page.

Now, I am quite annoyed about all these exceptions caused by someone wanting
to post some kind of ads on my website. And I really do not want to disable
the page request validation. The best result for me would be that I can do
something about it before it reaches the request validation event, like check
the user input myself and then redirect to some other page. If the user
continues doing that, the system will automatically lock the user's account
and send an email to the admin.

Is there any way I can achieve this? Or do you have better ideas? Any help
will be appreciated.
Thanks a lot
Cheers
Victor

Jul 25 '07 #1
I suggest you disable the page request validation and instead use
Microsoft's free Anti-Cross Site Scripting Library.
http://msdn2.microsoft.com/en-us/security/aa973814.aspx

If that doesn't work out for you, use a White List approach to specify only
which characters are allowed - and deny all other characters.

--
I hope this helps,
Steve C. Orr,
MCSD, MVP, CSM, ASPInsider
http://SteveOrr.net
Jul 25 '07 #2
Hi Victor,

I agree with Steve here: with the Anti-Cross Site Scripting Library and
"validateRequest" turned off, you should be able to accept any input
without being vulnerable to malicious script:

Literal1.Text =
    "Hello " + Microsoft.Security.Application.AntiXss.HtmlEncode(TextBox1.Text)
    + "! Welcome to the examples!";

Regards,
Walter Wang (wa****@online.microsoft.com, remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Jul 26 '07 #3
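
An added example, not part of any post in this thread: a C# console program that combines the allow-list check and output encoding suggested above with the per-user lockout Victor describes, done in the application's own code rather than by the built-in request validation. `InputGuard`, the three-strike limit and the sample inputs are assumptions, and `System.Net.WebUtility.HtmlEncode` stands in for `AntiXss.HtmlEncode` so the program compiles without the library.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Text.RegularExpressions;

// Added example, not code from the thread; names and limits are hypothetical.
static class InputGuard
{
    // Allow-list: letters, digits, whitespace, basic punctuation; all else is denied.
    static readonly Regex Allowed = new Regex(@"^[\p{L}\p{N}\s.,!?'()\-]{1,500}\z");
    const int MaxStrikes = 3; // assumed lockout threshold
    static readonly Dictionary<string, int> Strikes = new Dictionary<string, int>();

    public enum Result { Accepted, Rejected, Locked }

    public static Result Submit(string user, string input, out string safeHtml)
    {
        safeHtml = null;
        int strikes;
        Strikes.TryGetValue(user, out strikes);
        if (strikes >= MaxStrikes) return Result.Locked; // already locked out

        if (input == null || !Allowed.IsMatch(input))
        {
            Strikes[user] = ++strikes; // count the rejected submission
            // A real site would persist this and e-mail the admin on lockout.
            return strikes >= MaxStrikes ? Result.Locked : Result.Rejected;
        }
        // Encode at output even for accepted input: ' is allowed but still escaped.
        safeHtml = "Hello " + WebUtility.HtmlEncode(input) + "! Welcome to the examples!";
        return Result.Accepted;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample submissions from one user.
        string[] inputs = { "Victor", "<a>blah blah</a>", "O'Brien", "<b>ad</b>", "<i>ad</i>", "hello" };
        foreach (string s in inputs)
        {
            string html;
            InputGuard.Result r = InputGuard.Submit("user1", s, out html);
            Console.WriteLine("{0,-18} -> {1,-8} {2}", s, r, html);
        }
    }
}
```

The third rejected submission locks the account, so the final harmless input is refused as well; the accepted `O'Brien` still comes out with its apostrophe encoded, which is why the allow-list does not replace encoding at output.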
Hi Steve and Walter:
Thanks for your help. This is really a good clue for me to solve my problem.
I am still doing research on the AntiXss class. Hopefully, I can start using
that soon.
Cheers, thanks again for the help.

Victor


Jul 31 '07 #4
