Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

A potentially dangerous Request.Form value was detected from the client

Posted on 2009-04-03
2
Medium Priority
?
1,806 Views
Last Modified: 2013-11-08
Dear Experts,

I know we will have this error if we input dangerous value like <script>.
and I know we can turn it off by using validaterequest in web.config or put it at each page.

but when we wrap it with <asp:updatepanel.. the error will become javascript error:
"Error: Sys.WebForms.PageRequestManagerServerErrorException: An unknown error occurred while processing the request on the server. The status code returned from the server was: 500"

How do we handle this? is it possible to make the error more friendly? maybe redirect it to other site? or if possible displaying an ajax message..

unwrap it from <asp:updatepanel also make an ugly error: "A potentially dangerous Request.Form value was detected from the client"

and I don't want to set the validaterequest to false either :).

Please kindly advise for better solution.

Thank you.




0
Comment
Question by:hotex
2 Comments
 
LVL 6

Accepted Solution

by:
hehdaddy earned 2000 total points
ID: 24068663
To catch the 500 error from the update panel, you can use script like this. It has to be placed after the script manager control:

Sys.WebForms.PageRequestManager.getInstance().add_endRequest(EndRequestHandler);

function EndRequestHandler(sender, args)
{
   if (args.get_error() != undefined)
   {
       var errorMessage;
       if (args.get_response().get_statusCode() == '500')
       {
           // Handle your error here
       }
       else
       {
           // Use this space for any other unspecified errors
       }
       args.set_errorHandled(true);
   }
}

On the server side, you can use the Global.asax file:

        protected void Application_Error(object sender, EventArgs e)
        {
            Exception ex = Server.GetLastError();

            if (ex is HttpRequestValidationException)
            {
                Response.Redirect("error.aspx");
                return;
            }
        }

I hope this helps.
0
 

Author Closing Comment

by:hotex
ID: 31566245
on server side we need to call Server.ClearError(); before redirecting..
Great solution. Thank you hehdaddy.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Simulator games are perfect for generating sample realistic data streams, especially for learning data analysis. It is even useful for demoing offerings such as Azure stream analytics, PowerBI etc.
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Screencast - Getting to Know the Pipeline
Suggested Courses

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question