By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
445,732 Members | 1,429 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 445,732 IT Pros & Developers. It's quick & easy.

how to try-catch potentially dangerous Request.Form value exception

P: n/a
Dear All,

how to try-catch "A potentially dangerous Request.Form value was detected
from the client (txtUserName="<asdf")."
this exception?

i've set the debugger in the Page_InIt function, but this page is shown
before the Page_init function.

i know that i can set validateRequest="false" in my page, but how can i
try-catch it?
Thank you.

Regards,
angus

ref: http://asp.net/faq/images/requestValidation3.png
Nov 18 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
Hi Angus,

I assume you are trying to catch the exception so that you can show a
friendly error, log it and handle gracefully. I can think of 2 options:

1. Use the application_error method in the global.asax to catch the
exception and then take appropriate action. This is a pretty good article
for handling errors in asp .net
http://msdn.microsoft.com/asp.net/us...stomErrors.asp.
2. Do all form and data validation yourself. This would give you more
control on detecting potential attacks, and you could have you "try and
catch". However you may not cover all scenarios, hence I dont recommend this
option by itself.

I would actually go for both. Let ASP .Net detect malicious content, but
also do you own validation on form fields, querystings etc (i.e. all user
input). Tip: Don't try and create rules on what is not allowed, create
rules on what is allowed. E.g. don't create rules that disallow & and % and
^ and @ etc, rather create the rule that only allows 0-9, a-z and A-Z.
Hope this helps,
Michael

--
This posting is provided "AS IS" with no warranties, and confers no rights.
"angus" <an***@angus.com> wrote in message
news:%2******************@tk2msftngp13.phx.gbl...
Dear All,

how to try-catch "A potentially dangerous Request.Form value was detected
from the client (txtUserName="<asdf")."
this exception?

i've set the debugger in the Page_InIt function, but this page is shown
before the Page_init function.

i know that i can set validateRequest="false" in my page, but how can i
try-catch it?
Thank you.

Regards,
angus

ref: http://asp.net/faq/images/requestValidation3.png

Nov 18 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.