
A potentially dangerous Request.Form value was detected from the client

Tags:

c#

asp.net

When I try to post anything that contains <whatever> I get

A potentially dangerous Request.Form value was detected from the client Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: . After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client

I have the following ASP.NET code

    <asp:DetailsView ID="newsDetail" runat="server" DataSourceID="SqlDataSourceNews"
                AutoGenerateRows="False" DataKeyNames="id" 
                OnItemUpdating="NewsDetailItemUpdating" OnItemCreated="NewsDetailItemCreated"
                OnItemDeleted="NewsDetailItemDeleted" OnItemInserted="NewsDetailItemInserted"
                OnItemInserting="NewsDetailItemInserting" OnItemUpdated="NewsDetailItemUpdated"
                DefaultMode="Insert">

                <Fields>
                    <asp:TemplateField FooterText="show at statpage" HeaderText="view" SortExpression="view">
                       ...
                    </asp:TemplateField>
                    <asp:BoundField DataField="headline" HeaderText="Headline" SortExpression="headline">
                    </asp:BoundField>
                    <asp:TemplateField HeaderText="Text">
                        <ItemTemplate>
                            <asp:Label ID="post" runat="Server" Text='<%# Eval("post") %>' OnPreRender="PostLabelPreRender" />
                        </ItemTemplate>
                        <InsertItemTemplate>
                            <asp:TextBox ID="postTextBox" runat="server" Text='<%# Bind("post") %>' TextMode="MultiLine"
                                Width="500px" Height="300px" />
                        </InsertItemTemplate>
                        <EditItemTemplate>
                            <asp:TextBox ID="postTextBox" runat="server" Text='<%# Bind("post") %>' TextMode="MultiLine"
                                Width="500px" Height="300px" />
                        </EditItemTemplate>
                    </asp:TemplateField>

And the code

    protected void NewsDetailItemUpdating(object sender, DetailsViewUpdateEventArgs e)
    {
        // Iterate through the values entered by the user and HTML encode 
        // the values. This helps prevent malicious values from being 
        // stored in the data source.
        for (int i = 0; i < e.NewValues.Count; i++)
            if (e.NewValues[i] != null)
                e.NewValues[i] = Server.HtmlEncode(e.NewValues[i].ToString());
    }

    protected void NewsDetailItemInserting(object sender, DetailsViewInsertEventArgs e)
    {
        for (int i = 0; i < e.Values.Count; i++)
            if (e.Values[i] != null)
                e.Values[i] = Server.HtmlEncode(e.Values[i].ToString());
    }

    protected void NewsDetailItemUpdated(object sender, DetailsViewUpdatedEventArgs e)
    {
        newsList.DataBind();
    }

    protected void NewsDetailItemInserted(object sender, DetailsViewInsertedEventArgs e)
    {
        newsList.DataBind();
    }

    protected void NewsDetailItemDeleted(object sender, DetailsViewDeletedEventArgs e)
    {
        newsList.DataBind();
    }

    protected void NewsDetailItemCreated(object sender, EventArgs e)
    {
        newsList.DataBind();
    }

magol asked May 09 '11 20:05


1 Answer

The problem you're having is that in one of your text boxes you have put HTML tags or just the < > symbols, and the .NET Framework tracks that as a potentially dangerous script. This is to prevent people from putting malicious script tags in the input fields.

You can work around this by putting ValidateRequest="false" in your page directive. You will also have to put <httpRuntime requestValidationMode="2.0" ... /> in your web.config.

Avitus answered Sep 17 '22 23:09
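
An added example, not part of the original answer: the same web.config workaround, shown site-wide and then scoped to a single page with a `<location>` element so every other page keeps the default request validation. The path `Admin/News.aspx` is a placeholder, since the question does not name the page.

```xml
<configuration>

  <!-- Site-wide form of the workaround (shown commented out): the whole
       application switches to the 2.0 behaviour, where validation runs
       only for pages and honours each page's ValidateRequest setting.
  <system.web>
    <httpRuntime requestValidationMode="2.0" />
  </system.web>
  -->

  <!-- Scoped form: only the news editing page uses the 2.0 behaviour.
       "Admin/News.aspx" is a placeholder path, not taken from the question.
       That page still needs ValidateRequest="false" in its @ Page directive. -->
  <location path="Admin/News.aspx">
    <system.web>
      <httpRuntime requestValidationMode="2.0" />
    </system.web>
  </location>

</configuration>
```

With validation off for that page, the Server.HtmlEncode calls in the question's ItemInserting and ItemUpdating handlers are what keeps posted markup from being stored and rendered as HTML, so they need to stay in place.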