Monday, December 19, 2011

A Potentially Dangerous Request.Form Value Was Detected From Client

A potentially dangerous Request.Form value was detected from the client.

This A potentially dangerous Request.Form value was detected from the client error occurs when user enter any script tag <> like or any html <> tag like etc in taxtbox.

Reason for this is asp.net prevent any attempt to compromise the security of application by script injection like cross site scriptiong etc through textbox.

To resolve this issue we can do following things.



1. Set validateRequest property to false in page directive.


<%@ Page Language="C#" AutoEventWireup="true"  CodeFile="Default.aspx.cs"
Inherits="_Default" ValidateRequest="false" %>

2.You can set ValidateRequest property to false in web.config if you want to turn validateRequest off for the whole application
<configuration>
  <configuration>
    <system.web>
      <pages validateRequest="false" />
    </system.web>
</configuration>

3. If you don't want to set validateRequest to false then use methods like regular expression or replace() to check for any special character or script tag entry in text box

<asp:textbox id="TextBox2" runat="server"
             onblur="this.value = this.value.replace(/&lt;\/?[^>]+>/gi, '');">
</asp:textbox>

No comments:

Post a Comment