473,320 Members | 1,572 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Strange error, please

Hi. I have created a web-based "file manager", for remote-administration of
a web-site. It works okay.

The "main" form in the "file manager" is BrowseFiles.aspx. I can edit the
text files (among which the "js" files) by clicking on an achor which
redirects me to "edit.aspx".

Once in "edit.aspx", after I view a ".js" file, for instance, I click on the
button "Return to file manager". The code in the command "Return to file
manager" is mainly
Response.Redirect("BrowseFiles.aspx?Folder=" & strFolderPath) where
strFolderPath is the folder I was viewing before starting the edit.

I get:
__________________________________________________ _________
Server Error in '/aspnetprojects/vsnet/ThePhile' Application.

A potentially dangerous Request.Form value was detected from the client
(txtFileContent="...uterHeight<screen.availHeight. ..").
Description: Request Validation has detected a potentially dangerous client
input value, and processing of the request has been aborted. This value may
indicate an attempt to compromise the security of your application, such as
a cross-site scripting attack. You can disable request validation by setting
validateRequest=false in the Page directive or in the configuration section.
However, it is strongly recommended that your application explicitly check
all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially
dangerous Request.Form value was detected from the client
(txtFileContent="...uterHeight<screen.availHeight. ..").
__________________________________________________ _________

Note: txtFileContent is the text box in which I show the file to edit
(using, of course, stream readers).

I have tried using their suggestion (validateRequest=false) but it does not
change a thing... What am I doing wrong ?

Thank you.
Alex.
Nov 19 '05 #1
2 1552
The reason maybe the "<" or any html or script tag for that matter. Try it
again with a demo file which just contains "<foo>" or something and see if
you get the same error. Then try it with a file that has just "foo" and you
may not get any errors.

If this is the case then the way to fix it is to convert all < and > chars
to < and > when displaying to the client. You will then need to convert them
back again when receiving them.

The reason: Well the error report is telling you that the user has input a
script or script tag which could potentially be of harm. This is why most
forums etc do not accept HTML code from public users.

I could be wrong, but I hope it helps.

Regards

Geoff

"Alex Nitulescu" wrote:
Hi. I have created a web-based "file manager", for remote-administration of
a web-site. It works okay.

The "main" form in the "file manager" is BrowseFiles.aspx. I can edit the
text files (among which the "js" files) by clicking on an achor which
redirects me to "edit.aspx".

Once in "edit.aspx", after I view a ".js" file, for instance, I click on the
button "Return to file manager". The code in the command "Return to file
manager" is mainly
Response.Redirect("BrowseFiles.aspx?Folder=" & strFolderPath) where
strFolderPath is the folder I was viewing before starting the edit.

I get:
__________________________________________________ _________
Server Error in '/aspnetprojects/vsnet/ThePhile' Application.

A potentially dangerous Request.Form value was detected from the client
(txtFileContent="...uterHeight<screen.availHeight. ..").
Description: Request Validation has detected a potentially dangerous client
input value, and processing of the request has been aborted. This value may
indicate an attempt to compromise the security of your application, such as
a cross-site scripting attack. You can disable request validation by setting
validateRequest=false in the Page directive or in the configuration section.
However, it is strongly recommended that your application explicitly check
all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially
dangerous Request.Form value was detected from the client
(txtFileContent="...uterHeight<screen.availHeight. ..").
__________________________________________________ _________

Note: txtFileContent is the text box in which I show the file to edit
(using, of course, stream readers).

I have tried using their suggestion (validateRequest=false) but it does not
change a thing... What am I doing wrong ?

Thank you.
Alex.

Nov 19 '05 #2
Geoff, you were right - I tried a foo.html file, first containing "foo", and
second containing "<foo>". Obviously, the first time it worked, the second
time not.
I guess the only solution would be to convert those < and > to something
else - I'll have to find a convenient replacement symbol..

"Geoff Willings" <Ge***********@discussions.microsoft.com> wrote in message
news:05**********************************@microsof t.com...
The reason maybe the "<" or any html or script tag for that matter. Try it
again with a demo file which just contains "<foo>" or something and see if
you get the same error. Then try it with a file that has just "foo" and
you
may not get any errors.

If this is the case then the way to fix it is to convert all < and > chars
to < and > when displaying to the client. You will then need to convert
them
back again when receiving them.

The reason: Well the error report is telling you that the user has input a
script or script tag which could potentially be of harm. This is why most
forums etc do not accept HTML code from public users.

I could be wrong, but I hope it helps.

Regards

Geoff

"Alex Nitulescu" wrote:
Hi. I have created a web-based "file manager", for remote-administration
of
a web-site. It works okay.

The "main" form in the "file manager" is BrowseFiles.aspx. I can edit the
text files (among which the "js" files) by clicking on an achor which
redirects me to "edit.aspx".

Once in "edit.aspx", after I view a ".js" file, for instance, I click on
the
button "Return to file manager". The code in the command "Return to file
manager" is mainly
Response.Redirect("BrowseFiles.aspx?Folder=" & strFolderPath) where
strFolderPath is the folder I was viewing before starting the edit.

I get:
__________________________________________________ _________
Server Error in '/aspnetprojects/vsnet/ThePhile' Application.

A potentially dangerous Request.Form value was detected from the client
(txtFileContent="...uterHeight<screen.availHeight. ..").
Description: Request Validation has detected a potentially dangerous
client
input value, and processing of the request has been aborted. This value
may
indicate an attempt to compromise the security of your application, such
as
a cross-site scripting attack. You can disable request validation by
setting
validateRequest=false in the Page directive or in the configuration
section.
However, it is strongly recommended that your application explicitly
check
all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A
potentially
dangerous Request.Form value was detected from the client
(txtFileContent="...uterHeight<screen.availHeight. ..").
__________________________________________________ _________

Note: txtFileContent is the text box in which I show the file to edit
(using, of course, stream readers).

I have tried using their suggestion (validateRequest=false) but it does
not
change a thing... What am I doing wrong ?

Thank you.
Alex.

Nov 19 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
by: theintrepidfox | last post by:
Dear Group I came accross a very annoying behaviour of Visual Studio, giving me six hours of headache till I found the solution. This post is mainly for fellow developers for reference as it...
5
by: Shapper | last post by:
Hello, I just upload my web site to my hosting server and when I access it I always get an error: "Redicterion limit for this URL exceeded. Unable to load the requested page" Does anyone...
11
by: Mike C# | last post by:
Hi all, I keep getting a strange error and can't pin it down. The message is: This application has requested the Runtime to terminate it in an unusual way. Please contact the application's...
3
by: Shelly | last post by:
I am encountering two strange problems. First one: I get a "server misconfiguration error", but only sometimes. It occurs on the first screen that accesses the database on a submit. This error...
1
by: Victor | last post by:
Hi guys, I have a very strange problem with scriptmanager here. I want to load a js (which is embed in the project) but everytime i try to load that, it gives me error like Specified argument was...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.