A potentially dangerous Request.Form value was detected from the client

Discussion in 'C#' started by akshaykalia, Sep 18, 2011.

0
  1. #1
    Hi,

    i am trying to take a script as input in Textbox and then would want to display it in literal control
    However, when i try to do so, i get an error :

    I changed ValidateRequest="false" in the @Page Directive too but to no use.

    Any Suggestions ? :(
     
    akshaykalia, Sep 18, 2011 IP
  2. akshaykalia

    akshaykalia Member

    Messages:
    77
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    28
    #2
    I googled around and found that ValidateRequest="false" doesnt work in .NET framework 4.0
    One has to modify the web.config in the following way

     
    akshaykalia, Sep 21, 2011 IP
  3. nemanja.todic

    nemanja.todic Well-Known Member

    Messages:
    69
    Likes Received:
    4
    Best Answers:
    1
    Trophy Points:
    130
    #3
    Be aware of using that though.

    You will need to check every user input to prevent cross-site scripting( very popular this days :) ) and other potential security issues.

    For example, see this article http://en.wikipedia.org/wiki/Cross-site_scripting .
     
    Last edited: Sep 22, 2011
    nemanja.todic, Sep 22, 2011 IP
  4. bibinsmk

    bibinsmk Active Member

    Messages:
    205
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    53
    #4
    If you are allow this. There is a possibility of attacks to your site. If you still wants this option you must track the user inputs
     
    bibinsmk, Oct 7, 2011 IP
  5. gtownfunk

    gtownfunk Member

    Messages:
    26
    Likes Received:
    0
    Best Answers:
    1
    Trophy Points:
    41
    #5
    In my experience, the warning is overly harsh and asserted when it is not needed. You should still check your inputs.
     
    gtownfunk, Oct 31, 2011 IP