1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

A potentially dangerous Request.Form value was detected from the client

Discussion in 'C#' started by akshaykalia, Sep 18, 2011.

  1. #1
    Hi,

    i am trying to take a script as input in Textbox and then would want to display it in literal control
    However, when i try to do so, i get an error :

    I changed ValidateRequest="false" in the @Page Directive too but to no use.
    SEMrush
    Any Suggestions ? :(
     
    akshaykalia, Sep 18, 2011 IP
    SEMrush
  2. akshaykalia

    akshaykalia Member

    Messages:
    77
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    28
    #2
    I googled around and found that ValidateRequest="false" doesnt work in .NET framework 4.0
    One has to modify the web.config in the following way

     
    akshaykalia, Sep 21, 2011 IP
  3. nemanja.todic

    nemanja.todic Active Member

    Messages:
    69
    Likes Received:
    3
    Best Answers:
    1
    Trophy Points:
    80
    #3
    Be aware of using that though.

    You will need to check every user input to prevent cross-site scripting( very popular this days :) ) and other potential security issues.

    For example, see this article http://en.wikipedia.org/wiki/Cross-site_scripting .
     
    Last edited: Sep 22, 2011
    nemanja.todic, Sep 22, 2011 IP
  4. bibinsmk

    bibinsmk Active Member

    Messages:
    205
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    53
    #4
    If you are allow this. There is a possibility of attacks to your site. If you still wants this option you must track the user inputs
     
    bibinsmk, Oct 7, 2011 IP
  5. gtownfunk

    gtownfunk Member

    Messages:
    26
    Likes Received:
    0
    Best Answers:
    1
    Trophy Points:
    41
    #5
    In my experience, the warning is overly harsh and asserted when it is not needed. You should still check your inputs.
     
    gtownfunk, Oct 31, 2011 IP