Solved

A potentially dangerous Request.Form value was detected from the client

Posted on 2009-04-03
2
1,726 Views
Last Modified: 2013-11-08
Dear Experts,

I know we will have this error if we input dangerous value like <script>.
and I know we can turn it off by using validaterequest in web.config or put it at each page.

but when we wrap it with <asp:updatepanel.. the error will become javascript error:
"Error: Sys.WebForms.PageRequestManagerServerErrorException: An unknown error occurred while processing the request on the server. The status code returned from the server was: 500"

How do we handle this? is it possible to make the error more friendly? maybe redirect it to other site? or if possible displaying an ajax message..

unwrap it from <asp:updatepanel also make an ugly error: "A potentially dangerous Request.Form value was detected from the client"

and I don't want to set the validaterequest to false either :).

Please kindly advise for better solution.

Thank you.




0
Comment
Question by:hotex
2 Comments
 
LVL 6

Accepted Solution

by:
hehdaddy earned 500 total points
ID: 24068663
To catch the 500 error from the update panel, you can use script like this. It has to be placed after the script manager control:

Sys.WebForms.PageRequestManager.getInstance().add_endRequest(EndRequestHandler);

function EndRequestHandler(sender, args)
{
   if (args.get_error() != undefined)
   {
       var errorMessage;
       if (args.get_response().get_statusCode() == '500')
       {
           // Handle your error here
       }
       else
       {
           // Use this space for any other unspecified errors
       }
       args.set_errorHandled(true);
   }
}

On the server side, you can use the Global.asax file:

        protected void Application_Error(object sender, EventArgs e)
        {
            Exception ex = Server.GetLastError();

            if (ex is HttpRequestValidationException)
            {
                Response.Redirect("error.aspx");
                return;
            }
        }

I hope this helps.
0
 

Author Closing Comment

by:hotex
ID: 31566245
on server side we need to call Server.ClearError(); before redirecting..
Great solution. Thank you hehdaddy.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Many of us here at EE write code. Many of us write exceptional code; just as many of us write exception-prone code. As we all should know, exceptions are a mechanism for handling errors which are typically out of our control. From database errors, t…
Calculating holidays and working days is a function that is often needed yet it is not one found within the Framework. This article presents one approach to building a working-day calculator for use in .NET.
This video discusses moving either the default database or any database to a new volume.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now