Solved

ASP.NET A potentially dangerous Request.Form value was detected

Posted on 2013-02-04
3
693 Views
Last Modified: 2013-02-04
I'm getting thousands of messages like this  in my Application Event Log for IIS wp3.exe...all regarding the same web page.

Exception message: A potentially dangerous Request.Form value was detected from the client (TextBox1="...ifsbwjwf, <a href="http://cial...").


The textbox on that page is meant  for a user to enter a City or ZIP code, thus only for characters, numbers, dashes, commas, and the occasional apostrophe

So here is my goal:  I want to eliminate this error message popping up in my event log (I need to properly handle it), and I want to make sure that I'm also not just allowing my form to be wide open to malicious text box entries.

What is my best step?  Thanks!
0
Comment
Question by:arthurh88
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 82

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 38853599
Add "validateRequest="false" into the Page directive (first line of your .aspx file)
http://stackoverflow.com/questions/81991/a-potentially-dangerous-request-form-value-was-detected-from-the-client
0
 

Author Comment

by:arthurh88
ID: 38853602
doesn't that open up my page to malicious attacks?
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 38853625
When you write a string to HTML, you should encode characters that have special meaning in HTML, using Server.HtmlEncode.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Just a quick little trick I learned recently.  Now that I'm using jQuery with abandon in my asp.net applications, I have grown tired of the following syntax:      (CODE) I suppose it just offends my sense of decency to put inline VBScript on a…
Wouldn’t it be nice if you could test whether an element is contained in an array by using a Contains method just like the one available on List objects? Wouldn’t it be good if you could write code like this? (CODE) In .NET 3.5, this is possible…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question