473,320 Members | 2,147 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

A potentially dangerous client input value

Hi there,

I've come across the next problem: angle brackets in values being sent
to a server.
Because of this stuff HttpRequestValidationException occurs (FW 2.0).

It seems that the validateRequest being set to FALSE should help (e.g.,
http://kb.seekdotnet.com/ViewArticle.aspx?ID=42)... but I need to
support FW 1.0 as well as its successors!!!

Not sure I see any way to fix this at one ample swoop.
Maybe anybody could help dope out a solution?

Thanks,
Andrew

May 5 '06 #1
3 1422
I'm not sure about framework 1.0, but the ValidateRequest attribute is
at least supported from framework 1.1.

an********@gmail.com wrote:
Hi there,

I've come across the next problem: angle brackets in values being sent
to a server.
Because of this stuff HttpRequestValidationException occurs (FW 2.0).

It seems that the validateRequest being set to FALSE should help (e.g.,
http://kb.seekdotnet.com/ViewArticle.aspx?ID=42)... but I need to
support FW 1.0 as well as its successors!!!

Not sure I see any way to fix this at one ample swoop.
Maybe anybody could help dope out a solution?

Thanks,
Andrew

May 5 '06 #2
Validate with Regular expressions. It allows you to set up a condition that
fails angle brackets without losing validation. Your other option is
validation up the stack, but you will want to validate prior to taking an
expensive trip to the database.

--
Gregory A. Beamer

*************************************************
Think Outside the Box!
*************************************************
<an********@gmail.com> wrote in message
news:11**********************@i39g2000cwa.googlegr oups.com...
Hi there,

I've come across the next problem: angle brackets in values being sent
to a server.
Because of this stuff HttpRequestValidationException occurs (FW 2.0).

It seems that the validateRequest being set to FALSE should help (e.g.,
http://kb.seekdotnet.com/ViewArticle.aspx?ID=42)... but I need to
support FW 1.0 as well as its successors!!!

Not sure I see any way to fix this at one ample swoop.
Maybe anybody could help dope out a solution?

Thanks,
Andrew

May 6 '06 #3
Hummm, maybe I was not so clear.
Actually the problem is that FW1.0 works okay (without exceptions, no
wonder) but FW2.0 throws an HttpRequestValidationException.

I have to support both, and my intent is to allow angle brackets in
request variables. For FW2.0 it could be done by adding a false
validationRequest attribute either to a page or to the web.config file.
But this would break FW1.0 because the attribute isn't defined there.

Hope now my problem becomes more evident :)

Though here seems to be a workaround. I guess, validation should occur
in this way:

-- HttpRequest refers to the Form field or to the QueryString field or
something
-- HttpRequest.ValidateNameValueCollection
-- HttpRequest.ValidateString

So I could catch an HttpException wherever I address such fields in my
code. Looks like this should behave like validateRequest=false
approach.

May 6 '06 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: John Morgan | last post by:
I am attempting to use a try/catch block to trap a querystring which is caught by ValidateRequest="true" in the @page directive A simple example of the blockthat does not work is Try...
1
by: angus | last post by:
Dear All, how to try-catch "A potentially dangerous Request.Form value was detected from the client (txtUserName="<asdf")." this exception? i've set the debugger in the Page_InIt function,...
1
by: veenakj | last post by:
Hi Code snippet -------------- strErrMsg = "Could not find a part of the path \"C:\\Temp\\data\\Test.xml\"." } Server.Transfer("Message.aspx?errormsg=" + Server.UrlEncode(lsErrMsg));...
2
by: arun | last post by:
Hi I want to store the text from a TextBox that contains <br, *, $ etc.to sql server. But it shows me an error message "A potentially dangerous Request.Form value was detected from the client...
3
by: KUTTAN | last post by:
i am trying to input a html content to a input box in a DetailsView But i am getting an error like this 'A potentially dangerous Request.Form value was detected from the client...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.