ASP.NET A potentially dangerous Request.Form value was detected

I'm getting thousands of messages like this  in my Application Event Log for IIS wp3.exe...all regarding the same web page.

Exception message: A potentially dangerous Request.Form value was detected from the client (TextBox1="...ifsbwjwf, <a href="http://cial...").


The textbox on that page is meant  for a user to enter a City or ZIP code, thus only for characters, numbers, dashes, commas, and the occasional apostrophe

So here is my goal:  I want to eliminate this error message popping up in my event log (I need to properly handle it), and I want to make sure that I'm also not just allowing my form to be wide open to malicious text box entries.

What is my best step?  Thanks!
arthurh88Asked:
Who is Participating?
 
David Johnson, CD, MVPConnect With a Mentor OwnerCommented:
Add "validateRequest="false" into the Page directive (first line of your .aspx file)
http://stackoverflow.com/questions/81991/a-potentially-dangerous-request-form-value-was-detected-from-the-client
0
 
arthurh88Author Commented:
doesn't that open up my page to malicious attacks?
0
 
David Johnson, CD, MVPOwnerCommented:
When you write a string to HTML, you should encode characters that have special meaning in HTML, using Server.HtmlEncode.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.