Geek Answers Handbook

How to get the form value that caused the "potentially dangerous Request.Form value detected by the client" in MVC?

I have an MVC3 application that has its own HandleErrorAttribute attribute so that I can send an error message. I often get the "potentially dangerous Request.Form value that was detected by the client", but it only displays the first few characters of the form value that caused the exception. I would like to see all the value of the form that was entered in order to try to get a more complete idea if the input was malicious or random for the user. However, when I try to pull out the form values ​​in HandleErrorAttribute, it causes the same error! Any idea how to get the form values ​​from Request.Form without causing validation in my exception handler?

public class HandleErrorLogAttribute : HandleErrorAttribute
{
    public override void OnException(ExceptionContext context)
    {
        base.OnException(context);

        //Record Error
        string errorDetails = HttpUtility.HtmlEncode(context.Exception.ToString());

        // Throws "otentially dangerous..." error here
        foreach (var key in context.RequestContext.HttpContext.Request.Form.AllKeys)
        {
            errorDetails += key + "=" + HttpUtility.HtmlEncode(context.RequestContext.HttpContext.Request.Form[key]);
        }

        // Send Email with errorDetails
    }
}
+5
source share
1 answer

ASP.NET 4.5 HttpRequest.Unvalidated.Form.

HttpRequest._form:

HttpRequest request = context.RequestContext.HttpContext.Request;
NameValueCollection form = (NameValueCollection)request.GetType().InvokeMember(
    "_form",
    BindingFlags.NonPublic | BindingFlags.Instance | BindingFlags.GetField,
    null, request, null);

, _form HttpRequest.Form, , HttpRequest.Form .

+12

More articles:


All Articles