473,500 Members | 1,967 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

potentially dangerous Request.Form value was detected

getting this "potentially dangerous Request.Form value was detected"
exception with a textbox which I have populated with some source
code. I think I am getting the exception when I click OK on the web
page, but that is one of my question, so I am not sure ;)

I am reading how to disable request validation,
http://www.asp.net/faq/RequestValidation.aspx#5

but I dont want to do that. I would rather catch the exception. But I
guess that is not workable because at the time the validation
exception is thrown, the individual control with the invalid data is
not yet know. correct?

should I Server.HtmlEncode the data I put in the textbox before
posting to the browser? If I do that the data will display in encoded
form ( correct? ) and I dont want that.

how do I accept textbox input from a form that fails RequestValidation
without disabling that validation?

thanks,

-Steve

Jun 26 '07 #1
2 4159
request validation is looking for script and html attacks. so typing a
"<" or "&#" in a textbox will fire this error on postback. each control
checks this when it loads the postback data. as this is a page event,
you can only catch the error with a global error handler.

if validation is on, you should never set Text of a webcontrol to these
character. if you htmlencode, the browser will convert to the correct
values, but will cause a postback error.

there is no way to display these values in a textbox and postback unless
you turn off validation.

-- bruce (sqlwork.com)

Steve Richter wrote:
getting this "potentially dangerous Request.Form value was detected"
exception with a textbox which I have populated with some source
code. I think I am getting the exception when I click OK on the web
page, but that is one of my question, so I am not sure ;)

I am reading how to disable request validation,
http://www.asp.net/faq/RequestValidation.aspx#5

but I dont want to do that. I would rather catch the exception. But I
guess that is not workable because at the time the validation
exception is thrown, the individual control with the invalid data is
not yet know. correct?

should I Server.HtmlEncode the data I put in the textbox before
posting to the browser? If I do that the data will display in encoded
form ( correct? ) and I dont want that.

how do I accept textbox input from a form that fails RequestValidation
without disabling that validation?

thanks,

-Steve
Jun 26 '07 #2
On Jun 26, 6:24 pm, bruce barker <nos...@nospam.comwrote:
request validation is looking for script and html attacks. so typing a
"<" or "&#" in a textbox will fire this error on postback. each control
checks this when it loads the postback data. as this is a page event,
you can only catch the error with a global error handler.

if validation is on, you should never set Text of a webcontrol to these
character. if you htmlencode, the browser will convert to the correct
values, but will cause a postback error.

there is no way to display these values in a textbox and postback unless
you turn off validation.
ok. thank you.

Jun 26 '07 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
2
1408
Why Getting 'A Potentially Dangerous Request...' Error?
by: Anil Kripalani | last post by:
When a user of our ASP.NET 1.1 application submits a form with the phrase 'manuscript:' in a text field, ASP returns the error 'A potentially dangerous Request.Form value was detected from the...
ASP.NET
1
5851
Trapping a ' potentially dangerous Request.QueryString value'
by: John Morgan | last post by:
I am attempting to use a try/catch block to trap a querystring which is caught by ValidateRequest="true" in the @page directive A simple example of the blockthat does not work is Try...
ASP.NET
1
5399
how to try-catch potentially dangerous Request.Form value exception
by: angus | last post by:
Dear All, how to try-catch "A potentially dangerous Request.Form value was detected from the client (txtUserName="<asdf")." this exception? i've set the debugger in the Page_InIt function,...
ASP.NET
6
1764
Potentially dangerous script - urgent!
by: STech | last post by:
If data you post back contains the following string on<<any sequence of characters>>= example: on2q3asdf= The page will throw the following exception: A potentially dangerous Request.Form...
ASP.NET
1
2585
Server.URLEncode and potentially dangerous string
by: veenakj | last post by:
Hi Code snippet -------------- strErrMsg = "Could not find a part of the path \"C:\\Temp\\data\\Test.xml\"." } Server.Transfer("Message.aspx?errormsg=" + Server.UrlEncode(lsErrMsg));...
ASP.NET
0
972
A potentially dangerous Request.Form value was detected...
by: randy collins | last post by:
I have a <BUTTON> control that I use, because I want the text on the button to display with an underscore on the lead character to indicate that it has an access key associated with it. To do...
ASP.NET
1
3895
Potentially dangerous Request.Form value for Cancel button Click
by: Sergey Zuyev | last post by:
Hello all I have simple edit form. When user saves data that contains restricted characters such as (< , etc.) , regular expression validator will display a warning message. It all works fine,...
ASP.NET
2
1756
A potentially dangerous Request.Form value was detected from the client
by: arun | last post by:
Hi I want to store the text from a TextBox that contains <br, *, $ etc.to sql server. But it shows me an error message "A potentially dangerous Request.Form value was detected from the client...
ASP.NET
1
1774
Localization and Potentially Dangerous Request.Form Values
by: djmc | last post by:
Using the asp.net button control (and I assume others), I place the phrase "Don't Save" in the .Text field. The button displays without any problems, but upon postback, the server responds with "A...
ASP.NET
0
7136
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
1
6906
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
5490
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
1
4923
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA
0
4611
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp
0
3110
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Networking - Hardware / Configuration
0
3106
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
672
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
0
316
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us