Solved

ASP.NET A potentially dangerous Request.Form value was detected

Posted on 2013-02-04
3
674 Views
Last Modified: 2013-02-04
I'm getting thousands of messages like this  in my Application Event Log for IIS wp3.exe...all regarding the same web page.

Exception message: A potentially dangerous Request.Form value was detected from the client (TextBox1="...ifsbwjwf, <a href="http://cial...").


The textbox on that page is meant  for a user to enter a City or ZIP code, thus only for characters, numbers, dashes, commas, and the occasional apostrophe

So here is my goal:  I want to eliminate this error message popping up in my event log (I need to properly handle it), and I want to make sure that I'm also not just allowing my form to be wide open to malicious text box entries.

What is my best step?  Thanks!
0
Comment
Question by:arthurh88
  • 2
3 Comments
 
LVL 79

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 38853599
Add "validateRequest="false" into the Page directive (first line of your .aspx file)
http://stackoverflow.com/questions/81991/a-potentially-dangerous-request-form-value-was-detected-from-the-client
0
 

Author Comment

by:arthurh88
ID: 38853602
doesn't that open up my page to malicious attacks?
0
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 38853625
When you write a string to HTML, you should encode characters that have special meaning in HTML, using Server.HtmlEncode.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question