467,169 Members | 992 Online
Bytes | Developer Community
Ask Question

Home New Posts Topics Members FAQ

Post your question to a community of 467,169 developers. It's quick & easy.

reading from text area throwing exception with <p>

propertyDescription += "<br>" + lblpropertyDescription.Text; //here
i am reading some text from text area
i test wrting "p" in my text area it wrks fine but when i write
<pin my text area it gives the following error

Error Message:A potentially dangerous Request.Form value was detected from
the client (lblpropertyDescription="
"). Stack Trace: at System.Web.HttpRequest.ValidateString(String s, String
valueName, String collectionName) at
System.Web.HttpRequest.ValidateNameValueCollection (NameValueCollection nvc,
String collectionName) at System.Web.HttpRequest.get_Form() at
System.Web.UI.Page.GetCollectionBasedOnMethod() at
System.Web.UI.Page.DeterminePostBackMode() at
System.Web.UI.Page.ProcessRequestMain() at
System.Web.UI.Page.ProcessRequest() at
System.Web.UI.Page.ProcessRequest(HttpContext context) at
System.Web.CallHandlerExecutionStep.System.Web.Htt pApplication+IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean&
completedSynchronously)
Aug 21 '06 #1
  • viewed: 1492
Share:
4 Replies
Yup, that is what ASP.NET will give you.
Go to Google.
Type "A potentially dangerous Request.Form value was detected from "
into the search bar
and click search.

Tons of articles about this.
Vikas Kumar wrote:
propertyDescription += "<br>" + lblpropertyDescription.Text; //here
i am reading some text from text area
i test wrting "p" in my text area it wrks fine but when i write
<pin my text area it gives the following error

Error Message:A potentially dangerous Request.Form value was detected from
the client (lblpropertyDescription="
"). Stack Trace: at System.Web.HttpRequest.ValidateString(String s, String
valueName, String collectionName) at
System.Web.HttpRequest.ValidateNameValueCollection (NameValueCollection nvc,
String collectionName) at System.Web.HttpRequest.get_Form() at
System.Web.UI.Page.GetCollectionBasedOnMethod() at
System.Web.UI.Page.DeterminePostBackMode() at
System.Web.UI.Page.ProcessRequestMain() at
System.Web.UI.Page.ProcessRequest() at
System.Web.UI.Page.ProcessRequest(HttpContext context) at
System.Web.CallHandlerExecutionStep.System.Web.Htt pApplication+IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean&
completedSynchronously)

Aug 21 '06 #2
Can I do something like user should not be able to enter
html
i mean it should stop the user from entering <p>
instead of i write causes validation=false
"Ray Booysen" <rj***********@rjb.za.netwrote in message
news:%2****************@TK2MSFTNGP05.phx.gbl...
Yup, that is what ASP.NET will give you.
Go to Google.
Type "A potentially dangerous Request.Form value was detected from " into
the search bar
and click search.

Tons of articles about this.
Vikas Kumar wrote:
>propertyDescription += "<br>" + lblpropertyDescription.Text;
//here i am reading some text from text area
i test wrting "p" in my text area it wrks fine but when i write
<pin my text area it gives the following error

Error Message:A potentially dangerous Request.Form value was detected
from the client (lblpropertyDescription="
"). Stack Trace: at System.Web.HttpRequest.ValidateString(String s,
String valueName, String collectionName) at
System.Web.HttpRequest.ValidateNameValueCollectio n(NameValueCollection
nvc, String collectionName) at System.Web.HttpRequest.get_Form() at
System.Web.UI.Page.GetCollectionBasedOnMethod() at
System.Web.UI.Page.DeterminePostBackMode() at
System.Web.UI.Page.ProcessRequestMain() at
System.Web.UI.Page.ProcessRequest() at
System.Web.UI.Page.ProcessRequest(HttpContext context) at
System.Web.CallHandlerExecutionStep.System.Web.Ht tpApplication+IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean&
completedSynchronously)
Aug 21 '06 #3
Hi Vikas,

ASP.NET 1.1/2.0 by default enable requestValidation so that any script or
html markup tags (like < , ....) will raise runtime exception. For your
scenario, I think you can consider the following options according to
what's the exact behavior you want and what task will your web page
designed to do:

1.If you want to let client users input html/xml markup tags in entry
fields(textbox, ...) and just want to display them again (write out), you
can simply disable the "validateRequest" for that particular page(which
will accept html markup input) and then on server-side, use
Server.HtmlEncode or HttpUtility.HtmlEncode to encode the content in the
textbox. e.g

<%@ Page ..................... ValidateRequest="false" %>

string safeString = Server.HtmlEncode(TextBox1.Text);

Label1.Text = "<p>" + safeString + "</p">
2. Still turn on the "validateRequest", but peform valdation against the
Textbox's input content at client-side. For example, you can use a
customValidator control on the ASP.NET page to validate that certain
textbox in which the client user may input some html tags. And for the
custom Validator's client-side validation script, you can use javascript
function to check whether the input content contains those particular chars
(such as < , .....).

3. Use the Textbox's client-side "onchange" event to perform the content
checking, in this case, the script checking will be performed everytime
after the client-user modify the content in the textbox.

Here are some articles discussing on peform content validation against
textbox entry field through javascript, you can replace those script
function with your own ones according to your validation requirement:

#Client-Side Form Verification with JavaScript
http://www.webdevelopersnotes.com/ti...r_input_from_a
_text_box_html_textarea_element.php3

http://webdeveloper.internet.com/jav...rification.htm
l

#Using JavaScript to prevent or trigger form submission when ENTER is hit
http://www.cs.tut.fi/~jkorpela/forms/enter.html
#Checking/Validating Fields
http://www.irt.org/script/form.htm#5
Please feel free to let me know if there is anything unclear above or any
other information you wonder.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.


Aug 22 '06 #4
Hello Vikas,

Have you got any further ideas on this issue? If there is any other
questions or if you need any further assistance, please feel free to post
here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.

Aug 24 '06 #5

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

3 posts views Thread by Derek Fountain | last post: by
2 posts views Thread by Donald Firesmith | last post: by
2 posts views Thread by Paul Verbelen | last post: by
5 posts views Thread by ajos | last post: by
10 posts views Thread by test9991014@yahoo.com | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.