"Joe via DotNetMonster.com" <fo***@DotNetMonster.com> wrote in message
news:de******************************@DotNetMonste r.com...
Hi,
I have an form that saves to a database. I would like the user to be able
to enter HTML tags into the Textbox Control fields but I get an error
message when entering HTML tags:
A potentially dangerous Request.Form value was detected from the client
(pArticleText="Test<p>").
I'm new to ASP.NET so I'm not sure what would be the best way.
Thanks
--
Message posted via http://www.dotnetmonster.com
You can turn it off for the page, but you need to encode it during
processing and unencode it later for security reasons.
See this info
Most scripting exploits occur when users can get executable code (script)
into your application. By default, ASP.NET provides request validation,
which raises an error if a form post contains any HTML whatsoever.
You can protecting against script exploits in these ways:
a.. Apply HTML encoding to strings before accepting or displaying them, so
that the strings do not include any executable elements.
b.. If your application needs to accept some HTML, disable request
validation and create your own HTML filter.