How to prevent "A potentially dangerous Request.Form...."?
Posted on 2004-09-02
I get the following error:
A potentially dangerous Request.Form value was detected from the client (text="...opi fäsö,-<sdfjllk").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (text="...opi fäsö,-<sdfjllk").
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (text="...opi fäsö,-<sdfjllk").]
System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName)
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName)
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
I use a normal <form action="post"> and a normal <texarea>, both do NOT use "runat=server".
The text that causes this crash contains a "<", if I take it out, it's not dangerous anymore.
Any ideas, WHY this is happening... and more important, how to prevent it?