Solved

A potentially dangerous Request.Form value was detected from the client

Posted on 2009-04-03
2
1,743 Views
Last Modified: 2013-11-08
Dear Experts,

I know we will have this error if we input dangerous value like <script>.
and I know we can turn it off by using validaterequest in web.config or put it at each page.

but when we wrap it with <asp:updatepanel.. the error will become javascript error:
"Error: Sys.WebForms.PageRequestManagerServerErrorException: An unknown error occurred while processing the request on the server. The status code returned from the server was: 500"

How do we handle this? is it possible to make the error more friendly? maybe redirect it to other site? or if possible displaying an ajax message..

unwrap it from <asp:updatepanel also make an ugly error: "A potentially dangerous Request.Form value was detected from the client"

and I don't want to set the validaterequest to false either :).

Please kindly advise for better solution.

Thank you.




0
Comment
Question by:hotex
2 Comments
 
LVL 6

Accepted Solution

by:
hehdaddy earned 500 total points
ID: 24068663
To catch the 500 error from the update panel, you can use script like this. It has to be placed after the script manager control:

Sys.WebForms.PageRequestManager.getInstance().add_endRequest(EndRequestHandler);

function EndRequestHandler(sender, args)
{
   if (args.get_error() != undefined)
   {
       var errorMessage;
       if (args.get_response().get_statusCode() == '500')
       {
           // Handle your error here
       }
       else
       {
           // Use this space for any other unspecified errors
       }
       args.set_errorHandled(true);
   }
}

On the server side, you can use the Global.asax file:

        protected void Application_Error(object sender, EventArgs e)
        {
            Exception ex = Server.GetLastError();

            if (ex is HttpRequestValidationException)
            {
                Response.Redirect("error.aspx");
                return;
            }
        }

I hope this helps.
0
 

Author Closing Comment

by:hotex
ID: 31566245
on server side we need to call Server.ClearError(); before redirecting..
Great solution. Thank you hehdaddy.
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Entity Framework is a powerful tool to help you interact with the DataBase but still doesn't help much when we have a Stored Procedure that returns more than one resultset. The solution takes some of out-of-the-box thinking; read on!
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question