HTML Tags in input form

Hi,

I have a form that saves to a database. I would like the user to be able to enter HTML tags into the Textbox Control fields but I get an error message when entering HTML tags:

A potentially dangerous Request.Form value was detected from the client (pArticleText="Test<p>").

I'm new to ASP.NET so I'm not sure what would be the best way.

Thanks

--
Message posted via http://www.dotnetmonster.com
Nov 19 '05 #1
One of the enhancements in 1.1 is the new "ValidateRequest" feature that
provides automatic detection and blocking of
suspicious looking data. This is a feature to prevent HTML injection and
other such attacks.

Luckily you can turn it off in cases like this with the following page
directive:
<%@ Page validateRequest="false" %>

Here's more info:
http://weblogs.asp.net/vga/archive/2003/05/02/6329.aspx
http://www.asp.net/faq/RequestValidation.aspx
http://groups-beta.google.com/group/...e=UTF-8&rnum=1

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://SteveOrr.net

"Joe via DotNetMonster.com" <fo***@DotNetMonster.com> wrote in message
news:de******************************@DotNetMonster.com...
Hi,

I have a form that saves to a database. I would like the user to be able
to enter HTML tags into the Textbox Control fields but I get an error
message when entering HTML tags:

A potentially dangerous Request.Form value was detected from the client
(pArticleText="Test<p>").

I'm new to ASP.NET so I'm not sure what would be the best way.

Thanks

--
Message posted via http://www.dotnetmonster.com

Nov 19 '05 #2

"Joe via DotNetMonster.com" <fo***@DotNetMonster.com> wrote in message
news:de******************************@DotNetMonster.com...
Hi,

I have a form that saves to a database. I would like the user to be able to enter HTML tags into the Textbox Control fields but I get an error
message when entering HTML tags:
A potentially dangerous Request.Form value was detected from the client (pArticleText="Test<p>").
I'm new to ASP.NET so I'm not sure what would be the best way.

Thanks

--
Message posted via http://www.dotnetmonster.com


You can turn it off for the page, but you need to encode it during
processing and unencode it later for security reasons.

See this info
Most scripting exploits occur when users can get executable code (script)
into your application. By default, ASP.NET provides request validation,
which raises an error if a form post contains any HTML whatsoever.

You can protect against script exploits in these ways:

a. Apply HTML encoding to strings before accepting or displaying them, so
that the strings do not include any executable elements.
b. If your application needs to accept some HTML, disable request
validation and create your own HTML filter.
Nov 19 '05 #3
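
Added example, not part of the original thread: one way to build the "own HTML filter" that post #3 describes for a field such as pArticleText on a page with validateRequest="false". It HTML-encodes the whole input first and then restores only an allowlist of attribute-free tags; the class name, the tag list and the sample inputs are assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

// Added example (not from the thread). Encode-first allowlist filter for a
// field such as pArticleText on a page where validateRequest="false".
public static class ArticleHtmlFilter
{
    // Assumption: the only markup the application wants to keep.
    // Tags are matched without attributes, so href and on* handlers never survive.
    private static readonly Regex AllowedTag = new Regex(
        @"&lt;(/?)(p|b|i|em|strong|ul|ol|li)&gt;|&lt;(br)\s*/?&gt;",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    public static string Sanitize(string input)
    {
        if (string.IsNullOrEmpty(input)) return string.Empty;

        // 1. Encode everything: <, >, &, " and ' become entities, so nothing
        //    the user typed can act as markup.
        string encoded = WebUtility.HtmlEncode(input);

        // 2. Turn back only exact, attribute-free tags from the allowlist.
        return AllowedTag.Replace(encoded, m =>
            m.Groups[3].Success
                ? "<br>"
                : "<" + m.Groups[1].Value + m.Groups[2].Value.ToLowerInvariant() + ">");
    }

    public static void Main()
    {
        // Constructed sample inputs.
        string[] samples =
        {
            "Test<p>",
            "<b>bold</b> and <script>alert(1)</script>",
            "<p onclick=\"x()\">hi</p>",
            "<a href=\"javascript:x()\">link</a><br/>"
        };
        foreach (string s in samples)
            Console.WriteLine(Sanitize(s));
    }
}
```

Write the returned string to the page as-is; encoding it a second time would show the allowed tags as text. A rejected opening tag can leave its closing tag restored (third sample), which is inert but unbalanced.
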
>> I have a form that saves to a database. I would like the user to be able
to enter HTML tags into the Textbox Control fields but I get an error
message when entering HTML tags:

A potentially dangerous Request.Form value was detected from the client(pArticleText="Test<p>").

<snip>You can turn it off for the page, but you need to encode it during
processing and unencode it later for security reasons.


Can't it just be turned off for one control? It seems a bit extreme to
only allow it to be on or off for the whole page. Surely if you could
disable the checking for just one control, it would make the security
much easier as you would only have to worry about anything entered in
that one control.

--
Alan Silver
(anything added below this line is nothing to do with me)
Nov 19 '05 #4
