Solved

A potentially dangerous Request.Form value was detected from the client

Posted on 2009-04-03
2
1,751 Views
Last Modified: 2013-11-08
Dear Experts,

I know we will have this error if we input dangerous value like <script>.
and I know we can turn it off by using validaterequest in web.config or put it at each page.

but when we wrap it with <asp:updatepanel.. the error will become javascript error:
"Error: Sys.WebForms.PageRequestManagerServerErrorException: An unknown error occurred while processing the request on the server. The status code returned from the server was: 500"

How do we handle this? is it possible to make the error more friendly? maybe redirect it to other site? or if possible displaying an ajax message..

unwrap it from <asp:updatepanel also make an ugly error: "A potentially dangerous Request.Form value was detected from the client"

and I don't want to set the validaterequest to false either :).

Please kindly advise for better solution.

Thank you.




0
Comment
Question by:hotex
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 6

Accepted Solution

by:
hehdaddy earned 500 total points
ID: 24068663
To catch the 500 error from the update panel, you can use script like this. It has to be placed after the script manager control:

Sys.WebForms.PageRequestManager.getInstance().add_endRequest(EndRequestHandler);

function EndRequestHandler(sender, args)
{
   if (args.get_error() != undefined)
   {
       var errorMessage;
       if (args.get_response().get_statusCode() == '500')
       {
           // Handle your error here
       }
       else
       {
           // Use this space for any other unspecified errors
       }
       args.set_errorHandled(true);
   }
}

On the server side, you can use the Global.asax file:

        protected void Application_Error(object sender, EventArgs e)
        {
            Exception ex = Server.GetLastError();

            if (ex is HttpRequestValidationException)
            {
                Response.Redirect("error.aspx");
                return;
            }
        }

I hope this helps.
0
 

Author Closing Comment

by:hotex
ID: 31566245
on server side we need to call Server.ClearError(); before redirecting..
Great solution. Thank you hehdaddy.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
Performance in games development is paramount: every microsecond counts to be able to do everything in less than 33ms (aiming at 16ms). C# foreach statement is one of the worst performance killers, and here I explain why.
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question