arthurh88
asked on
ASP.NET A potentially dangerous Request.Form value was detected
I'm getting thousands of messages like this in my Application Event Log for IIS wp3.exe...all regarding the same web page.
Exception message: A potentially dangerous Request.Form value was detected from the client (TextBox1="...ifsbwjwf, <a href="http://cial...").
The textbox on that page is meant for a user to enter a City or ZIP code, thus only for characters, numbers, dashes, commas, and the occasional apostrophe.
So here is my goal: I want to eliminate this error message popping up in my event log (I need to properly handle it), and I want to make sure that I'm also not just allowing my form to be wide open to malicious text box entries.
What is my best step? Thanks!
When you write a string to HTML, you should encode characters that have special meaning in HTML, using Server.HtmlEncode.
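The allow-list the question describes for the City/ZIP field, combined with the output encoding recommended in the answer above, as an added example that is not code from this thread. The class and method names, the 60-character limit and the sample inputs are assumptions, and `WebUtility.HtmlEncode` stands in for `Server.HtmlEncode` so the code runs outside a web request.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

// Added example (hypothetical names): server-side allow-list for a City/ZIP
// field, plus HTML encoding whenever the value is written back into a page.
public static class CityZipInput
{
    // Letters, digits, spaces, dashes, commas and apostrophes only.
    // The 1-60 length bound is an assumption; \z anchors at the true end of input.
    private static readonly Regex Allowed =
        new Regex(@"^[\p{L}\p{Nd} ,'\-]{1,60}\z", RegexOptions.CultureInvariant);

    // Returns true and the trimmed value only when every character is allowed.
    public static bool TryNormalize(string raw, out string value)
    {
        value = null;
        if (raw == null) return false;
        string trimmed = raw.Trim();
        if (!Allowed.IsMatch(trimmed)) return false;
        value = trimmed;
        return true;
    }

    // Encode at the point of output. The apostrophe is allowed as input,
    // so even accepted values must be encoded before they reach HTML.
    public static string ToHtml(string value)
    {
        return WebUtility.HtmlEncode(value);
    }

    public static void Main()
    {
        // Constructed sample inputs; the last one imitates the markup spam from the log.
        string[] samples =
        {
            "Coeur d'Alene, ID",
            "90210-1234",
            "ifsbwjwf, <a href=\"http://example.invalid/\">x</a>"
        };
        foreach (string s in samples)
        {
            string city;
            Console.WriteLine(TryNormalize(s, out city)
                ? "accepted: " + ToHtml(city)
                : "rejected: " + ToHtml(s));
        }
    }
}
```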