Solved

Due to the presence of characters known to be used in Cross Site Scripting attacks, access is forbidden. This web site does not allow Urls which might include embedded HTML tags.

Posted on 2009-05-13
4
2,774 Views
Last Modified: 2013-11-08
I am working on a web application.
After entering the data in all the text boxes and pressed the submit button, I got the below error.

"Due to the presence of characters known to be used in Cross Site Scripting attacks, access is forbidden. This web site does not allow Urls which might include embedded HTML tags. "

Can anyone help me why I am getting this error and what is the solution for this.
0
Comment
Question by:GouthamAnand
  • 2
4 Comments
 
LVL 6

Accepted Solution

by:
jaydee-cdgp earned 500 total points
Comment Utility
Not sure what server(s) you are using but this might help:

http://www-01.ibm.com/support/docview.wss?uid=swg21344242
0
 
LVL 9

Expert Comment

by:tillgeffken
Comment Utility
ASP.NET is trying to help in making sure the user is not trying to make a
cross site scripting attack no your site. It is checked the first time you
access Request.Form or Request.QueryString collection.

If you insist you can disable it with the validateRequest setting:

http://msdn.microsoft.com/en-us/library/950xf363.aspx

If you do this it will be crucial that you validate any input data to
insure the user is not sending you malicious input.

0
 
LVL 9

Expert Comment

by:tillgeffken
Comment Utility
Forgot to mention that i recommend not to change the setting. What does your form input look like?
0
 

Author Closing Comment

by:GouthamAnand
Comment Utility
Thank you
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Introduction This article shows how to use the open source plupload control to upload multiple images. The images are resized on the client side before uploading and the upload is done in chunks. Background I had to provide a way for user…
The Confluence of Individual Knowledge and the Collective Intelligence At this writing (summer 2013) the term API (http://dictionary.reference.com/browse/API?s=t) has made its way into the popular lexicon of the English language.  A few years ago, …
This video discusses moving either the default database or any database to a new volume.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now