Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$dvProtocol$ctl08="...nrollment.

&

Hi I'm using VS2013, asp.net web form and C#.
I have a detailsview contorl.  Its bind to a datasource of a datatable which I populated with data I got back form a web service call.  I also have a Edit button in the form and in my back end code I just change the mode to Edit.  I'm trying to process wen user clicks on the update of the Update or Cancel button on my detailsview control.    However, when either of the buttons is clicked, I get the error message attached.  I'm also attaching part of aspx and C# code.

And how can I wire up the processing of the Update or the Cancel button(in Edit mode)?  Are they only able to be wired up with javascript?  I don't see any events available for them in the property.

thank you.
ItemCommand.txt
detailsview.txt
reqest-error.txt
lapuccaAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Randy DownsOWNERCommented:
Maybe this will help.

On the model add this attribute to each property that you need to allow HTML - best choice

[AllowHtml]

Open in new window

On the controller action add this attribute to allow all HTML

[ValidateInput(false)]

Open in new window

Brute force in web.config - definitely not recommended
lapuccaAuthor Commented:
Hi Randy,
All my data(retrieved from a web service call) displayed in the fields are just text, well, at least that's what I see on the web form of detailsview control.  Where is this HTML code that it's complaining about that needs validation or encoding?
I did do the quick and dirty job by putting this in my web.config.  I will remove them if there is another way or if I can figure out why I'm getting this error form these data.  
    <httpRuntime targetFramework="4.5" requestValidationMode="2.0"/>
    <pages validateRequest="false">

Also, I'm using web form so there is no model or controller.  
Thank you.
Randy DownsOWNERCommented:
Your text may have html attributes like strong or italics. If you add the [AllowHtml] to each property retrieved from the web service call it should run without complaining. You can inspect the code with a browser like Chrome to see what code is being generated.

 I assume that the web.config fixed your problem but it's a bit drastic and may be exploited. It's best to only allow html where you need it.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Exploring SharePoint 2016

Explore SharePoint 2016, the web-based, collaborative platform that integrates with Microsoft Office to provide intranets, secure document management, and collaboration so you can develop your online and offline capabilities.

lapuccaAuthor Commented:
Randy,
Yes, agree about web.config is drastic and not ideal.  Question, why in VS debug mode I don't see the html code?  Each of the field that I retrieve are just text.  I can only see the html markup in browser?  Thank you.
Randy DownsOWNERCommented:
Anything displayed on the web is html.

Maybe this tutoirial will help you see the html in your webform. The key is looking at the aspx file in Page Inspector.

Task 1 - Exploring Page Inspector

In this task, you will learn how to use the Page Inspector features in the context of a WebForms project that shows a photo gallery.

Open the Begin solution located at Source/Ex2-WebForms/Begin/ folder.

You will need to download some missing NuGet packages before continue. To do this, click the Project menu and select Manage NuGet Packages.
In the Manage NuGet Packages dialog, click Restore in order to download missing packages.
Finally, build the solution by clicking Build | Build Solution.
Note: One of the advantages of using NuGet is that you don't have to ship all the libraries in your project, reducing the project size. With NuGet Power Tools, by specifying the package versions in the Packages.config file, you will be able to download all the required libraries the first time you run the project. This is why you will have to run these steps after you open an existing solution from this lab.

In the Solution Explorer, locate Default.aspx page, right-click it and select View in Page Inspector.
lapuccaAuthor Commented:
thank you and sorry it took a while for me to return to this.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP.NET

From novice to tech pro — start learning today.