Link to home
Start Free TrialLog in
Avatar of arthurh88
arthurh88

asked on

ASP.NET A potentially dangerous Request.Form value was detected

I'm getting thousands of messages like this  in my Application Event Log for IIS wp3.exe...all regarding the same web page.

Exception message: A potentially dangerous Request.Form value was detected from the client (TextBox1="...ifsbwjwf, <a href="http://cial...").


The textbox on that page is meant  for a user to enter a City or ZIP code, thus only for characters, numbers, dashes, commas, and the occasional apostrophe

So here is my goal:  I want to eliminate this error message popping up in my event log (I need to properly handle it), and I want to make sure that I'm also not just allowing my form to be wide open to malicious text box entries.

What is my best step?  Thanks!
ASKER CERTIFIED SOLUTION
Avatar of David Johnson, CD
David Johnson, CD
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of arthurh88
arthurh88

ASKER

doesn't that open up my page to malicious attacks?
When you write a string to HTML, you should encode characters that have special meaning in HTML, using Server.HtmlEncode.