473,326 Members | 2,110 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

A potentially dangerous Request.Form value was detected from the client

scenario: textbox that user enters some program code in...
this will cause the above error in the subject of this posting...

How can I deal with this:
Besides a custom error page, is there any way to trap this so that I
can remove the offending item from say, a textbox, and then tell the
user not to enter items in the textbox that will raise this error?

I don't seem to be able to trap the error because none of the usual
page and control events seem to fire when I put offending material in a
textbox (with the page directive validateREquest NOT set to false)

I would really like to keep my validateRequest Not set to false because
of the security advantages...

Thank you.

Nov 19 '05 #1
5 7032
On Thu, 16 Jun 2005 10:55:55 -0700, JJ****@hotmail.com wrote:
extbox

Seems to me that you need to validate the Text of the textbox at the
server. The normal behavior is for the validation to occur in both the
client and the server. But when you request so, it is possible to only do
it at the server which is what you want.
However, you have to be very careful as you would have the offending code
in the Text (and this is by design in the server-side DOM) and it is
possible to cause stuff in the DOM to execute (Huge security violation)

Nov 19 '05 #2
WJ

<JJ****@hotmail.com> wrote in message
news:11**********************@g44g2000cwa.googlegr oups.com...
scenario: textbox that user enters some program code in...
this will cause the above error in the subject of this posting...

One good way is to noty execute raw SQL script such as "select * from ???".
This means you use parameter. Without this, it would be difficult to detect
user's input.

John
Nov 19 '05 #3
Thank you.
How do I do that? It looks like I need to validate the textbox in the
changed event...
I was thinking of doing a search/replace on the user's entries for the
usual suspects -- greater than and lesser than signs -- in the changed
event. I suppose it is documented somewhere (msdn) as to precisely
characters .net would find suspicious.
I wish .net would have added some sort of functionality to help us deal
with this...

Nov 19 '05 #4
Not sure what this is - can you give me an example?
In my case, I'm just updating a recordset (dataset...) with the
contents of a textbox...
thanks!

Nov 19 '05 #5
WJ
http://www.securitydocs.com/library/3348

Jw

<JJ****@hotmail.com> wrote in message
news:11*********************@z14g2000cwz.googlegro ups.com...
Not sure what this is - can you give me an example?
In my case, I'm just updating a recordset (dataset...) with the
contents of a textbox...
thanks!

Nov 19 '05 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: Anil Kripalani | last post by:
When a user of our ASP.NET 1.1 application submits a form with the phrase 'manuscript:' in a text field, ASP returns the error 'A potentially dangerous Request.Form value was detected from the...
1
by: John Morgan | last post by:
I am attempting to use a try/catch block to trap a querystring which is caught by ValidateRequest="true" in the @page directive A simple example of the blockthat does not work is Try...
1
by: angus | last post by:
Dear All, how to try-catch "A potentially dangerous Request.Form value was detected from the client (txtUserName="<asdf")." this exception? i've set the debugger in the Page_InIt function,...
6
by: Hardy Wang | last post by:
Hi, I put following value in my query string, then I got this error fx=hssGdNlaWq6f893_E3AcEHaT9spLQoTEudddVM3nUdMo6pjOvzqS6x9fRHvkZCYzg4Win6qxSVaV*iMtZgcgaSsV8EhgU3UJD6RKCg0l6uk8ic8oNhuJKw== I...
6
by: STech | last post by:
If data you post back contains the following string on<<any sequence of characters>>= example: on2q3asdf= The page will throw the following exception: A potentially dangerous Request.Form...
1
by: veenakj | last post by:
Hi Code snippet -------------- strErrMsg = "Could not find a part of the path \"C:\\Temp\\data\\Test.xml\"." } Server.Transfer("Message.aspx?errormsg=" + Server.UrlEncode(lsErrMsg));...
1
by: Sergey Zuyev | last post by:
Hello all I have simple edit form. When user saves data that contains restricted characters such as (< , etc.) , regular expression validator will display a warning message. It all works fine,...
2
by: arun | last post by:
Hi I want to store the text from a TextBox that contains <br, *, $ etc.to sql server. But it shows me an error message "A potentially dangerous Request.Form value was detected from the client...
1
by: djmc | last post by:
Using the asp.net button control (and I assume others), I place the phrase "Don't Save" in the .Text field. The button displays without any problems, but upon postback, the server responds with "A...
2
by: Steve Richter | last post by:
getting this "potentially dangerous Request.Form value was detected" exception with a textbox which I have populated with some source code. I think I am getting the exception when I click OK on...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.