Hi, I put following value in my query string, then I got this error
fx=hssGdNlaWq6f893_E3AcEHaT9spLQoTEudddVM3nUdMo6pj OvzqS6x9fRHvkZCYzg4Win6qxSVaV*iMtZgcgaSsV8EhgU3UJD 6RKCg0l6uk8ic8oNhuJKw==
I am wandering what is wrong with this value? I really cannot understand.
--
WWW: http://hardywang.1accesshost.com
ICQ: 3359839
yours Hardy 6 9510
Lookis like it would be iehter * or = that is filtered as malicious...
Try with those chars...
Patrice
--
"Hardy Wang" <ha*******@hotmail.com> a écrit dans le message de
news:e$**************@TK2MSFTNGP14.phx.gbl... Hi, I put following value in my query string, then I got this error
fx=hssGdNlaWq6f893_E3AcEHaT9spLQoTEudddVM3nUdMo6pj OvzqS6x9fRHvkZCYzg4Win6qxS
VaV*iMtZgcgaSsV8EhgU3UJD6RKCg0l6uk8ic8oNhuJKw== I am wandering what is wrong with this value? I really cannot understand.
-- WWW: http://hardywang.1accesshost.com ICQ: 3359839 yours Hardy
Hardy,
It's being interpreted as an attempt to pass an "onSomething=doSomething();"
script injection. See the thread at http://groups-beta.google.com/group/...1d89511401e979
for more details.
HTH,
Nicole
"Hardy Wang" <ha*******@hotmail.com> wrote in message
news:e$**************@TK2MSFTNGP14.phx.gbl... Hi, I put following value in my query string, then I got this error fx=hssGdNlaWq6f893_E3AcEHaT9spLQoTEudddVM3nUdMo6pj OvzqS6x9fRHvkZCYzg4Win6qxSVaV*iMtZgcgaSsV8EhgU3UJD 6RKCg0l6uk8ic8oNhuJKw==
I am wandering what is wrong with this value? I really cannot understand.
-- WWW: http://hardywang.1accesshost.com ICQ: 3359839 yours Hardy
Not really, if I put
fx=*47dMwS26lKi3_38XS_xKTlHYszeDo3fa6ffWmzkuXRkdjh iiFem9i87rRdSxQOIPr*zNNMJZeX3Izl7q7pRAO5aAHCxGJwvQ cygRjQ6Dp6jR73y6FP1JA==
Then everything is fine. This value also contains * and ==.
--
WWW: http://hardywang.1accesshost.com
ICQ: 3359839
yours Hardy
"Patrice" <no****@nowhere.com> wrote in message
news:uP**************@TK2MSFTNGP15.phx.gbl... Lookis like it would be iehter * or = that is filtered as malicious...
Try with those chars...
Patrice
--
"Hardy Wang" <ha*******@hotmail.com> a écrit dans le message de news:e$**************@TK2MSFTNGP14.phx.gbl... Hi, I put following value in my query string, then I got this error fx=hssGdNlaWq6f893_E3AcEHaT9spLQoTEudddVM3nUdMo6pj OvzqS6x9fRHvkZCYzg4Win6qxS VaV*iMtZgcgaSsV8EhgU3UJD6RKCg0l6uk8ic8oNhuJKw== I am wandering what is wrong with this value? I really cannot understand.
-- WWW: http://hardywang.1accesshost.com ICQ: 3359839 yours Hardy
Thanks, based on your post in that thread, "on=" will cause problem, but in
my value I only have "oN" then followed by some other strings.
BTW, I cannot find System.Web.CrossSiteScriptingValidation class.
--
WWW: http://hardywang.1accesshost.com
ICQ: 3359839
yours Hardy
"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl... Hardy,
It's being interpreted as an attempt to pass an "onSomething=doSomething();" script injection. See the thread at http://groups-beta.google.com/group/...1d89511401e979 for more details.
HTH, Nicole
"Hardy Wang" <ha*******@hotmail.com> wrote in message news:e$**************@TK2MSFTNGP14.phx.gbl... Hi, I put following value in my query string, then I got this error fx=hssGdNlaWq6f893_E3AcEHaT9spLQoTEudddVM3nUdMo6pj OvzqS6x9fRHvkZCYzg4Win6qxSVaV*iMtZgcgaSsV8EhgU3UJD 6RKCg0l6uk8ic8oNhuJKw==
I am wandering what is wrong with this value? I really cannot understand.
-- WWW: http://hardywang.1accesshost.com ICQ: 3359839 yours Hardy
Hardy,
It's not just "on=" that causes the problem. Mike Kozlowski posted regular
expressions for the problem patterns in the earlier thread. If you would
prefer to examine the code yourself, System.Web.CrossSiteScriptingValidation
is in System.Web.dll. It's visibility is set to internal, so you might need
to adjust your Reflector settings to see it.
HTH,
NIcole
"Hardy Wang" <ha*******@hotmail.com> wrote in message
news:Od**************@TK2MSFTNGP11.phx.gbl... Thanks, based on your post in that thread, "on=" will cause problem, but in my value I only have "oN" then followed by some other strings.
BTW, I cannot find System.Web.CrossSiteScriptingValidation class.
-- WWW: http://hardywang.1accesshost.com ICQ: 3359839 yours Hardy "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:%2****************@TK2MSFTNGP09.phx.gbl... Hardy,
It's being interpreted as an attempt to pass an "onSomething=doSomething();" script injection. See the thread at http://groups-beta.google.com/group/...1d89511401e979 for more details.
HTH, Nicole
"Hardy Wang" <ha*******@hotmail.com> wrote in message news:e$**************@TK2MSFTNGP14.phx.gbl... Hi, I put following value in my query string, then I got this error fx=hssGdNlaWq6f893_E3AcEHaT9spLQoTEudddVM3nUdMo6pj OvzqS6x9fRHvkZCYzg4Win6qxSVaV*iMtZgcgaSsV8EhgU3UJD 6RKCg0l6uk8ic8oNhuJKw==
I am wandering what is wrong with this value? I really cannot understand.
-- WWW: http://hardywang.1accesshost.com ICQ: 3359839 yours Hardy
"Hardy Wang" <ha*******@hotmail.com> wrote in message
news:e$**************@TK2MSFTNGP14.phx.gbl... Hi, I put following value in my query string, then I got this error
fx=hssGdNlaWq6f893_E3AcEHaT9spLQoTEudddVM3nUdMo6pj OvzqS6x9fRHvkZCYzg4Win6qxS
VaV*iMtZgcgaSsV8EhgU3UJD6RKCg0l6uk8ic8oNhuJKw== I am wandering what is wrong with this value? I really cannot understand.
-- WWW: http://hardywang.1accesshost.com ICQ: 3359839 yours Hardy
You can turn off the validation, but you need to make sure your code can
handle malicious encoding. To turn it off
put validaterequest=false in the @page directive. You may want to
research it a bit first. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Anil Kripalani |
last post by:
When a user of our ASP.NET 1.1 application submits a form with the phrase
'manuscript:' in a text field, ASP returns the error 'A potentially
dangerous Request.Form value was detected from the...
|
by: Boris |
last post by:
All,
When i use .net FRamework 1.1, for my web application, i get an error
saying "A potentially dangerous querystring was detected from the
client...."
I have read the posts related to this and...
|
by: John Morgan |
last post by:
I am attempting to use a try/catch block to trap a querystring which
is caught by ValidateRequest="true" in the @page directive
A simple example of the blockthat does not work is
Try...
|
by: angus |
last post by:
Dear All,
how to try-catch "A potentially dangerous Request.Form value was detected
from the client (txtUserName="<asdf")."
this exception?
i've set the debugger in the Page_InIt function,...
|
by: STech |
last post by:
If data you post back contains the following string
on<<any sequence of characters>>=
example: on2q3asdf=
The page will throw the following exception:
A potentially dangerous Request.Form...
| |
by: veenakj |
last post by:
Hi
Code snippet
--------------
strErrMsg = "Could not find a part of the path
\"C:\\Temp\\data\\Test.xml\"." }
Server.Transfer("Message.aspx?errormsg=" + Server.UrlEncode(lsErrMsg));...
|
by: Sergey Zuyev |
last post by:
Hello all
I have simple edit form. When user saves data that contains restricted
characters such as (< , etc.) , regular expression validator will display
a warning message. It all works fine,...
|
by: arun |
last post by:
Hi
I want to store the text from a TextBox that contains <br, *, $
etc.to sql server. But it shows me an error message "A potentially
dangerous Request.Form value was detected from the client...
|
by: Steve Richter |
last post by:
getting this "potentially dangerous Request.Form value was detected"
exception with a textbox which I have populated with some source
code. I think I am getting the exception when I click OK on...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
| |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
| |