
What are the security implications of using ValidateRequest="false" to circumvent "A potentially dangerous Request.Form value was detected"?

I got the following message:

A potentially dangerous Request.Form value was detected from the client

When trying to save the value $ .

I looked at some common answers over the web and they suggested using ValidateRequest="false" at the head of the .ASPX file.

Is it a good solution from the security point of view? Isn't it a security risk?

JAN asked Dec 29 '25 10:12


1 Answer

To expand on CodeCaster's comment, this is definitely a dangerous thing to do. You're allowing users to enter information which means that a savvy user will now be able to play around with your site internals.

Cross-site scripting

If the value is being posted to some news feed or something else, allowing free-form input could mean injecting JavaScript into your feeds that will execute against other users of the site and open them up to attack. This could be as simple as injecting ads onto your site or even redirecting them to another attack page which will make you look pretty bad.

C Bauer answered Dec 30 '25 22:12
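
An added example, not part of the original answer: once `ValidateRequest="false"` lets markup characters through, the page itself has to HTML-encode the stored value wherever it is written into a feed. `FeedRenderer` and the sample inputs are hypothetical; `WebUtility.HtmlEncode` is the real .NET API.

```csharp
using System;
using System.Net;

// Added example (not from the original thread). FeedRenderer and the sample
// inputs are hypothetical; WebUtility.HtmlEncode is the real .NET API.
static class FeedRenderer
{
    // What a page effectively does when ValidateRequest="false" and the
    // stored value is written straight into markup: any tags in the value
    // become part of the page served to other users.
    public static string RenderUnsafe(string comment)
    {
        return "<li class=\"feed-item\">" + comment + "</li>";
    }

    // Same markup, but the user-supplied value is HTML-encoded at output
    // time, so <, >, & and quotes are displayed as text instead of parsed.
    public static string RenderEncoded(string comment)
    {
        return "<li class=\"feed-item\">" + WebUtility.HtmlEncode(comment) + "</li>";
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample inputs: a legitimate value containing characters
        // that request validation would reject, and a value carrying a script tag.
        string[] posted =
        {
            "Price < $5 & rising",
            "<script>alert(1)</script>"
        };

        foreach (string value in posted)
        {
            Console.WriteLine("raw:     " + FeedRenderer.RenderUnsafe(value));
            Console.WriteLine("encoded: " + FeedRenderer.RenderEncoded(value));
        }
    }
}
```

In a Web Forms page the same encoding is available as `Server.HtmlEncode(...)` or the `<%: ... %>` output syntax.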