A potentially dangerous Request.Form value was detected from the client

Published Saturday, November 17, 2007 1:39 AM

by default asp.net checks for the scripts in requests so that if it finds a user that is posting javascript or HTML in a request body it will throw an exception "A potentially dangerous Request.Form value was detected from the client"

but sometimes you need this like when you allow a user to send HTML formatted block like in an article or if you are building a blog engine and u need to enable the user to add affiliation site codes or a google analytics block

in this case all you have to do is to modify your page directive to be 

   1: <%@ Page Language="c#" AutoEventWireup="false" ValidateRequest="false" %>

ValidateRequest attribute makes sure that asp.net disables this validation

you can also add this node to the page section in web.config 

   1: <pages validateRequest="false" />

but of course this is not recommended as it would disable all validation on all pages.

when using these changes please do not forget to make your own validation

 

by amir.magdy
Filed under: ,

Comments

# DotNetKicks.com said on Wednesday, December 05, 2007 1:51 PM

You've been kicked (a good thing) - Trackback from DotNetKicks.com

Leave a Comment

(required) 
(required) 
(optional)
(required)