A potentially dangerous Request.Form ASHX httpHandler value was found

Question

A potentially dangerous Request.Form ASHX httpHandler value was found

I need to accept the XML data in a form message for my ashx http attack handler.

However, I get the error message “The potentially dangerous value of Request.Form was detected ..” when I pull the xml data from the request using request.Form.

I cannot set the validation request to false, as this is not an aspx page. What can I do?

eg.

<textarea rows="12" cols="50" name="Post2Data"> <root> <XML>.... </root> </textarea> request.Form["Post2Data"];

+4

asp.net

Ajm Aug 10 '12 at 9:48

source share

2 answers

adatapost · Answer 1 · 2012-08-10T09:55:22+0000

You can add the following entries in web.config.

 <location path="~/YourHandler.ashx"> <system.web> <pages validateRequest="false" /> </system.web> </location> <system.web> <compilation debug="true" targetFramework="4.0"/> <httpRuntime requestValidationMode="2.0" /> </system.web>

Graham harper · Answer 2 · 2017-02-20T12:48:50+0000

You can use the Unvalidated property to query, for example

 request.Unvalidated.Form["Post2Data"];

You will need to verify the correctness of the form data yourself. It is not validateRequest = false set validateRequest = false in production environments, as it leaves you vulnerable to cross-site scripting attacks.

A potentially dangerous Request.Form ASHX httpHandler value was found

More articles: