"A potentially dangerous Request.Form value was detected from the client "
If the "ValidateRequest" is set to true and someone tries to submit HTML content (Example:<a> Hello </a>) to the server, this error occurs as ASP.Net tries to protect the application from Script Attacks.
What is "ValidateRequest" ?
As it is always recommended to validate input data and HTML encode it where required, ValidateRequest feature of Asp.Net helps to achieve this. It helps in preventing script-injection attacks made by client script code.
If ValidateRequest feature is set to true and the user tries to enter the HTML content in the form the Error:"A potentially dangerous Request.Form value was detected from the client "
is generated.
Inorder to overcome this error we can set this feature to false.
Example:
<%@ Page Language="C#" AutoEventWireup="true" ValidateRequest = "false"
This will disable this feature for your current page.
If you want to disable it for your whole application then you have to set it false in your web.config <system.web> section
<pages validateRequest ="false" />
Note:-> Incase of .Net 4.0 or higher frameworks you need to add the following line in the <system.web> section:
<httpRuntime requestValidationMode = "2.0" />
Important:-> If you have disabled the ValidateRequest, then it will be good if you HTML encode the content. HTML encoding replaces the HTML tags with its corresponding HTML encoded representation.
Example: < is replaced by < and > is replaced by >
For HTML encoding use: Server.HtmlEncode(TextBox1.Text) method
and
For HTML decoding use:
Server.HtmlDecode(TextBox1.Text) method
0 Comment(s)