473,471 Members | 1,728 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

A potentially dangerous Request.Form value was detected from the client

scenario: textbox that user enters some program code in...
this will cause the above error in the subject of this posting...

How can I deal with this:
Besides a custom error page, is there any way to trap this so that I
can remove the offending item from say, a textbox, and then tell the
user not to enter items in the textbox that will raise this error?

I don't seem to be able to trap the error because none of the usual
page and control events seem to fire when I put offending material in a
textbox (with the page directive validateREquest NOT set to false)

I would really like to keep my validateRequest Not set to false because
of the security advantages...

Thank you.

Nov 19 '05 #1
5 7036
On Thu, 16 Jun 2005 10:55:55 -0700, JJ****@hotmail.com wrote:
extbox

Seems to me that you need to validate the Text of the textbox at the
server. The normal behavior is for the validation to occur in both the
client and the server. But when you request so, it is possible to only do
it at the server which is what you want.
However, you have to be very careful as you would have the offending code
in the Text (and this is by design in the server-side DOM) and it is
possible to cause stuff in the DOM to execute (Huge security violation)

Nov 19 '05 #2
WJ

<JJ****@hotmail.com> wrote in message
news:11**********************@g44g2000cwa.googlegr oups.com...
scenario: textbox that user enters some program code in...
this will cause the above error in the subject of this posting...

One good way is to noty execute raw SQL script such as "select * from ???".
This means you use parameter. Without this, it would be difficult to detect
user's input.

John
Nov 19 '05 #3
Thank you.
How do I do that? It looks like I need to validate the textbox in the
changed event...
I was thinking of doing a search/replace on the user's entries for the
usual suspects -- greater than and lesser than signs -- in the changed
event. I suppose it is documented somewhere (msdn) as to precisely
characters .net would find suspicious.
I wish .net would have added some sort of functionality to help us deal
with this...

Nov 19 '05 #4
Not sure what this is - can you give me an example?
In my case, I'm just updating a recordset (dataset...) with the
contents of a textbox...
thanks!

Nov 19 '05 #5
WJ
http://www.securitydocs.com/library/3348

Jw

<JJ****@hotmail.com> wrote in message
news:11*********************@z14g2000cwz.googlegro ups.com...
Not sure what this is - can you give me an example?
In my case, I'm just updating a recordset (dataset...) with the
contents of a textbox...
thanks!

Nov 19 '05 #6
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
Why Getting 'A Potentially Dangerous Request...' Error?
by: Anil Kripalani | last post by:
When a user of our ASP.NET 1.1 application submits a form with the phrase 'manuscript:' in a text field, ASP returns the error 'A potentially dangerous Request.Form value was detected from the...
ASP.NET
1
Trapping a ' potentially dangerous Request.QueryString value'
by: John Morgan | last post by:
I am attempting to use a try/catch block to trap a querystring which is caught by ValidateRequest="true" in the @page directive A simple example of the blockthat does not work is Try...
ASP.NET
1
how to try-catch potentially dangerous Request.Form value exception
by: angus | last post by:
Dear All, how to try-catch "A potentially dangerous Request.Form value was detected from the client (txtUserName="<asdf")." this exception? i've set the debugger in the Page_InIt function,...
ASP.NET
6
A potentially dangerous Request.QueryString value was detected from the client
by: Hardy Wang | last post by:
Hi, I put following value in my query string, then I got this error fx=hssGdNlaWq6f893_E3AcEHaT9spLQoTEudddVM3nUdMo6pjOvzqS6x9fRHvkZCYzg4Win6qxSVaV*iMtZgcgaSsV8EhgU3UJD6RKCg0l6uk8ic8oNhuJKw== I...
ASP.NET
6
Potentially dangerous script - urgent!
by: STech | last post by:
If data you post back contains the following string on<<any sequence of characters>>= example: on2q3asdf= The page will throw the following exception: A potentially dangerous Request.Form...
ASP.NET
1
Server.URLEncode and potentially dangerous string
by: veenakj | last post by:
Hi Code snippet -------------- strErrMsg = "Could not find a part of the path \"C:\\Temp\\data\\Test.xml\"." } Server.Transfer("Message.aspx?errormsg=" + Server.UrlEncode(lsErrMsg));...
ASP.NET
1
Potentially dangerous Request.Form value for Cancel button Click
by: Sergey Zuyev | last post by:
Hello all I have simple edit form. When user saves data that contains restricted characters such as (< , etc.) , regular expression validator will display a warning message. It all works fine,...
ASP.NET
2
A potentially dangerous Request.Form value was detected from the client
by: arun | last post by:
Hi I want to store the text from a TextBox that contains <br, *, $ etc.to sql server. But it shows me an error message "A potentially dangerous Request.Form value was detected from the client...
ASP.NET
1
Localization and Potentially Dangerous Request.Form Values
by: djmc | last post by:
Using the asp.net button control (and I assume others), I place the phrase "Don't Save" in the .Text field. The button displays without any problems, but upon postback, the server responds with "A...
ASP.NET
2
potentially dangerous Request.Form value was detected
by: Steve Richter | last post by:
getting this "potentially dangerous Request.Form value was detected" exception with a textbox which I have populated with some source code. I think I am getting the exception when I click OK on...
ASP.NET
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
1
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA
0
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Networking - Hardware / Configuration
0
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
C# / C Sharp
0
muto222
php
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us