Solved

ASP.NET A potentially dangerous Request.Form value was detected

Posted on 2013-02-04
3
680 Views
Last Modified: 2013-02-04
I'm getting thousands of messages like this  in my Application Event Log for IIS wp3.exe...all regarding the same web page.

Exception message: A potentially dangerous Request.Form value was detected from the client (TextBox1="...ifsbwjwf, <a href="http://cial...").


The textbox on that page is meant  for a user to enter a City or ZIP code, thus only for characters, numbers, dashes, commas, and the occasional apostrophe

So here is my goal:  I want to eliminate this error message popping up in my event log (I need to properly handle it), and I want to make sure that I'm also not just allowing my form to be wide open to malicious text box entries.

What is my best step?  Thanks!
0
Comment
Question by:arthurh88
  • 2
3 Comments
 
LVL 80

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 38853599
Add "validateRequest="false" into the Page directive (first line of your .aspx file)
http://stackoverflow.com/questions/81991/a-potentially-dangerous-request-form-value-was-detected-from-the-client
0
 

Author Comment

by:arthurh88
ID: 38853602
doesn't that open up my page to malicious attacks?
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 38853625
When you write a string to HTML, you should encode characters that have special meaning in HTML, using Server.HtmlEncode.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
API v SOA 8 37
VS 2017 18 101
custom authorization on controller action and HTML in asp.net mvc 1 42
Broken .resx file generating errors 18 14
A long time ago (May 2011), I have written an article showing you how to create a DLL using Visual Studio 2005 to be hosted in SQL Server 2005. That was valid at that time and it is still valid if you are still using these versions. You can still re…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question