Reputation: 2311
Hide source error (lines of code) when throwing exception
How can I hide line of source throwing an exception in yellow screen of death? For example, consider following screen of potential dangerous request:
In above example, source lines are not displayed. Whereas, if it is any custom written code throwing an exception, lines of error are always displayed as following:
How can I hide lines of code (similar to first image) when throwing an error?
Upvotes: 5
Views: 14607
Answers (7)
Reputation: 25
make a fake class - create dll
public static class yummy
{
public static FAKER()
{
throw new exception();
}
}
goto your currently working project. add reference that DLL go where you want to throw error . write this.
// lines of codes
yummy.Faker();
i put it in a some constructor of static class ie helper12. Then exception seemed like it was coming from helper12 class
Upvotes: 0
Reputation: 40736
Set the mode attribute of the customErrors section to RemoteOnly in your "web.config" file:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<customErrors mode="RemoteOnly" />
</system.web>
</configuration>
This enables you to see detailed errors when you are browsing the website locally on your server but does not expose detailed errors for remote visitors.
Alternatively, set it to On instead of RemoteOnly to completely hide detailed errors, no matter whether you are browsing remotely or locally.
Upvotes: 9
Reputation: 148524
add those lines to Web.config
<configuration>
...
<system.web>
<customErrors mode="On"
defaultRedirect="~/ErrorPages/Oops.aspx" />
...
</system.web>
</configuration>
Upvotes: 0
Reputation: 15663
If this is live and not on a development machine, it shouldn't appear at all.
You might check <customErrors> from web.config so you can set to show a nice html page (plain static, not aspx, not handled by ASP .Net) which says that an error happened, etc.
Then ELMAH is good for logging these errors (including the source lines, will need to see were the errors occurred so you can fix etc).
Also, live websites should not be deployed in DEBUG mode, but in Release mode. For Web Site Projects this can be switched in config only, but for Web Application Projects you need to compile with the proper settings.
Upvotes: 0
Reputation: 15861
as it is clearly telling is Potentially dangerous request, user may sending un-sanitized data like
<script type="text/javascript"> alert('sdas');</script> .
and you even check this link Prevent Script exploits
- you can HtmlEncode method, HTML Encode
- you can disable the custome Errors in web config
web config
<system.web>
<customErrors mode="RemoteOnly"/>
</system.web>
Upvotes: 0
Reputation: 6149
To do this is very simple, just edit your web.config file so that:
<customErrors mode="RemoteOnly" />
Upvotes: 1
Reputation: 1333
you can configure this in your web config customErrors definition.
http://msdn.microsoft.com/en-us/library/h0hfz6fc(v=vs.71).aspx
Upvotes: 1
Related Questions
- Visual Studio - suppress certain "Exception thrown" messages
- C# Exception - make the "Source Error" the line where the method was called
- How to track which line raised the exception
- How to hide .NET error box?
- Show Custom Exception Message
- Statement if InnerException is null then don't show
- Throwing exceptions in ASP.NET C#
- How to handle an exception within exception handling code?
- catching exceptions in asp.net markup
- Suppressing runtime exceptions in C# for ASP.NET MVC application