CODEWITHSUNDEEP
asp.netvb.net
madphp
madphp

Reputation: 1764

Form Post Error

Can anyone explain what might be causing this error. Im thinking its the quotes.

Exception Details: System.Web.HttpRequestValidationException: A potentially
dangerousRequest.Form value was detected from the client
(ctl00$ContentPlaceHolder1$DetailsView1$txtContent="...l economy.<br /><br />The
Prop...").

Upvotes: 2

Views: 370

Answers (6)

smok1
smok1

Reputation: 2950

My idea: allow this exception to be thrown. Use Application_Error handler to write code, that redirects (using Response.Redirect - this is important, since this gives users’ browser ability to go back) user to a custom error page. On this page write some text explaining that users had incorrectly input some text. Something like:

"Dear user, you have entered some invalid text, like “<” or “.”. Please, enter text using only characters and numbers".

Put a link on that page, and this link can contain a javascript "back" command:

href="javascript: history.go(-1)"

Users after clicking suchlink will be redirected by their browsers to the previous page, where they can re-edit their input.

Upvotes: 0

Michael Todd
Michael Todd

Reputation: 17051

That would be the '<' and '>'.

EDIT: It's assumed that including html entries in form responses is intended as an attack on the server on which the form resides. So, by default, any code that resembles html (i.e. includes '<' or '>') is automatically flagged as a problem.

One way to resolve this is to turn off this type of validation by setting validateRequest="false" in the Page directive for that page, but there are other (and better) ways to work around that.

Here's some information from Microsoft about this issue.

Upvotes: 0

riotera
riotera

Reputation: 1613

I think you can take a look at this A potentially dangerous Request.Form value was detected

Upvotes: 1

Rob
Rob

Reputation: 45771

The contents of a control (probably a textbox) contains what ASP.net considers to be markup, eg:

<br /><br />

You can add ValidateRequest="false" to the Page directive in your .aspx file as follows:

<%@ Page ........ ValidateRequest="false" ........ %>

As other answers noted, asp.net is doing this to try and protect you from potentially malicious input so make sure you're aware of the risk and encode/decode user data appropriately.

Upvotes: 1

Sani Huttunen
Sani Huttunen

Reputation: 24385

It actually should be

<br /><br />

it complains about.

Upvotes: 0

Dave Archer
Dave Archer

Reputation: 3060

Its the html "<br/>" tags.

Here's an article with a brief explanation . Also shows you how to work around it by turning off validation. Though I guess that would be a bit dangerous to just turn it off.

Upvotes: 0

Related Questions