469,568 Members | 1,783 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,568 developers. It's quick & easy.

HTML tags in Textbox

I hv to store data with HTML tags in database. user will input data
with html tags for e.g.<strong> Name <strong>. And when i will read
data in webpage then "Name" should eb bold. but i m getting problem in
storing data in database.
When i input text with html tags in textbox and click on
submit...Following error comes:
A potentially dangerous Request.Form value was detected from the
client (textbox11="<strong>...").

Plz Help...
Nov 19 '05 #1
4 10662
ASP.Net 1.1 had a new feature which tries to protect against script
injection attacks. Check out http://asp.net/faq/RequestValidation.aspx for
more information.

Quickly though you can disable this via <%@ Page validateRequest="false"
....>

or in the web.config for your entier application:
<system.web>
<page validateRequest="false" />
</system.web>

Karl
--
MY ASP.Net tutorials
http://www.openmymind.net/
"Deepak Mehta" <de********@gmail.com> wrote in message
news:b0************************@posting.google.com ...
I hv to store data with HTML tags in database. user will input data
with html tags for e.g.<strong> Name <strong>. And when i will read
data in webpage then "Name" should eb bold. but i m getting problem in
storing data in database.
When i input text with html tags in textbox and click on
submit...Following error comes:
A potentially dangerous Request.Form value was detected from the
client (textbox11="<strong>...").

Plz Help...

Nov 19 '05 #2
Hi Deepak,

That's a security measure built into ASP.NET 1.1 to stop hackers from
inserting scripting attacks.

"In ASP.NET 1.1, when turned on, the ValidateRequest attribute on the @Page
directive checks that users are not sending potentially dangerous HTML
markup in query strings, cookies, or form fields. If that is detected, an
exception is thrown and the request aborts. The attribute is on by default;
you don't have to do anything to be protected. If you want to allow HTML
markup to pass, then you must actively disable it."

<%@ Page ValidateRequest="false" %>

Let us know?

Ken
Microsoft MVP [ASP.NET]
Toronto
"Deepak Mehta" <de********@gmail.com> wrote in message
news:b0************************@posting.google.com ...
I hv to store data with HTML tags in database. user will input data
with html tags for e.g.<strong> Name <strong>. And when i will read
data in webpage then "Name" should eb bold. but i m getting problem in
storing data in database.
When i input text with html tags in textbox and click on
submit...Following error comes:
A potentially dangerous Request.Form value was detected from the
client (textbox11="<strong>...").

Plz Help...


Nov 19 '05 #3
Here's the link for more info. Look for ValidateRequest :

http://msdn.microsoft.com/library/de...tybarriers.asp

"Deepak Mehta" <de********@gmail.com> wrote in message
news:b0************************@posting.google.com ...
I hv to store data with HTML tags in database. user will input data
with html tags for e.g.<strong> Name <strong>. And when i will read
data in webpage then "Name" should eb bold. but i m getting problem in
storing data in database.
When i input text with html tags in textbox and click on
submit...Following error comes:
A potentially dangerous Request.Form value was detected from the
client (textbox11="<strong>...").

Plz Help...


Nov 19 '05 #4
I will say the this type of code i.e., embedding the UI code in the database
is not standard way. When you
do a code it should follow tier architecture so, that the presentation and
business logic
will be separated. And, other demerit of this code is ,even if asp is
accepting a request data which contains
a html elements will not safe as it might get hacked by the users.

If you allow html tags in your user input forms, one can execute a
javascript located in somewhere else
to do some unwanted activities.

So, my suggestion is avoid this kind of code and try to be more standard
in your coding strategies.

--
Vadivel Kumar
http:\\charpblogs.blogspot.com

"Deepak Mehta" <de********@gmail.com> wrote in message
news:b0************************@posting.google.com ...
I hv to store data with HTML tags in database. user will input data
with html tags for e.g.<strong> Name <strong>. And when i will read
data in webpage then "Name" should eb bold. but i m getting problem in
storing data in database.
When i input text with html tags in textbox and click on
submit...Following error comes:
A potentially dangerous Request.Form value was detected from the
client (textbox11="<strong>...").

Plz Help...

Nov 19 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

5 posts views Thread by Donald Firesmith | last post: by
15 posts views Thread by Jeff North | last post: by
2 posts views Thread by hoz | last post: by
3 posts views Thread by Joe via DotNetMonster.com | last post: by
4 posts views Thread by Spondishy | last post: by
17 posts views Thread by V S Rawat | last post: by
reply views Thread by suresh191 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.