When I try to post anything containing <whatever> I get
Potentially dangerous Request.Form value was found at the client Description: request verification has detected a potentially dangerous client input and the request was interrupted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripted attack. To allow canceling a request for a validation settings application, set requestValidationMode in the httpRuntime Configuration for requestValidationMode = "2.0". Example :, After setting this value, you can then disable request validation by setting validateRequest = "false" on the directive page or in the configuration. However, it is highly recommended that your application explicitly checks everything in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133 .
Exception Details: System.Web.HttpRequestValidationException: Potentially dangerous Request.Form value was detected by the client
I have the following asp.net code
<asp:DetailsView ID="newsDetail" runat="server" DataSourceID="SqlDataSourceNews"
    AutoGenerateRows="False" DataKeyNames="id"
    OnItemUpdating="NewsDetailItemUpdating"
    OnItemCreated="NewsDetailItemCreated"
    OnItemDeleted="NewsDetailItemDeleted"
    OnItemInserted="NewsDetailItemInserted"
    OnItemInserting="NewsDetailItemInserting"
    OnItemUpdated="NewsDetailItemUpdated"
    DefaultMode="Insert">
    <Fields>
        <asp:TemplateField FooterText="show at statpage" HeaderText="view" SortExpression="view">
            ...
        </asp:TemplateField>
        <asp:BoundField DataField="headline" HeaderText="Headline" SortExpression="headline">
        </asp:BoundField>
        <asp:TemplateField HeaderText="Text">
            <ItemTemplate>
                <asp:Label ID="post" runat="Server" Text='<%# Eval("post") %>' OnPreRender="PostLabelPreRender" />
            </ItemTemplate>
            <InsertItemTemplate>
                <asp:TextBox ID="postTextBox" runat="server" Text='<%# Bind("post") %>' TextMode="MultiLine" Width="500px" Height="300px" />
            </InsertItemTemplate>
            <EditItemTemplate>
                <asp:TextBox ID="postTextBox" runat="server" Text='<%# Bind("post") %>' TextMode="MultiLine" Width="500px" Height="300px" />
            </EditItemTemplate>
        </asp:TemplateField>
And code
protected void NewsDetailItemUpdating(object sender, DetailsViewUpdateEventArgs e)
{
    // Iterate through the values entered by the user and HTML encode
    // the values. This helps prevent malicious values from being
    // stored in the data source.
    for (int i = 0; i < e.NewValues.Count; i++)
        if (e.NewValues[i] != null)
            e.NewValues[i] = Server.HtmlEncode(e.NewValues[i].ToString());
}

protected void NewsDetailItemInserting(object sender, DetailsViewInsertEventArgs e)
{
    for (int i = 0; i < e.Values.Count; i++)
        if (e.Values[i] != null)
            e.Values[i] = Server.HtmlEncode(e.Values[i].ToString());
}

protected void NewsDetailItemUpdated(object sender, DetailsViewUpdatedEventArgs e)
{
    newsList.DataBind();
}

protected void NewsDetailItemInserted(object sender, DetailsViewInsertedEventArgs e)
{
    newsList.DataBind();
}

protected void NewsDetailItemDeleted(object sender, DetailsViewDeletedEventArgs e)
{
    newsList.DataBind();
}

protected void NewsDetailItemCreated(object sender, EventArgs e)
{
    newsList.DataBind();
}

magol
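The two settings the error message names (requestValidationMode and validateRequest), written out as a web.config fragment that limits the opt-out to a single page. This is an added example, not part of the original post; the path Admin/News.aspx is a hypothetical placeholder for the page that hosts the DetailsView.

```xml
<!-- web.config in the application root (added example).
     "Admin/News.aspx" is an assumed path; use the page that hosts newsDetail. -->
<configuration>
  <location path="Admin/News.aspx">
    <system.web>
      <!-- The ASP.NET 4 default ("4.0") applies request validation to every
           request. "2.0" makes it apply to pages only and lets the
           page-level validateRequest setting decide. -->
      <httpRuntime requestValidationMode="2.0" />

      <!-- Switch request validation off for this one page. Every other page
           keeps the framework default. -->
      <pages validateRequest="false" />
    </system.web>
  </location>
</configuration>

<!-- With validation off for this page, the Server.HtmlEncode calls in
     NewsDetailItemInserting and NewsDetailItemUpdating are the only check
     between the posted form values and the data source. -->
```

The same per-page switch can be written as ValidateRequest="false" in the @ Page directive instead of the pages element; the httpRuntime line is still needed for it to take effect.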