We help IT Professionals succeed at work.

Getting error "potentially dangerous Request.Form value" on ASP Page on Windows Server 2019

IIS and ASP.net problem.

I have an application that I recently moved from Windows Server 2008 to Windows Server 2019.

Some of the data being saved contains </=, which produces an error: A potentially dangerous Request.Form value was detected from the client

My page header contains:
<%@ Page Language="VB" AutoEventWireup="false" CodeFile="WaferRFP.aspx.vb" Inherits="Wafers_WaferRFP" ValidateRequest="false" %>

I have also tried adding:
<pages validateRequest="false"></pages>
to the System.web section of the Web.config file, but I am still getting the error message.

What am I missing?
Comment
Watch Question

Chief Technology Ninja
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
Hi Yonbert,

I think you would want to approach it from two sides
1. Try encoding the form values before submission.
2. Try setting the validation mode to backward compatibility 
<httpRuntime requestValidationMode="2.0" />

If you try the 2nd point, I would recommend doing it only for the pages where you are facing this error.

Regards,
Chinmay.

Author

Commented:
I added <httpRuntime requestValidationMode="2.0" /> to the web.config file and everything is now working as needed.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.