Troubleshooting: A potentially dangerous Request.Form value was detected from the client
This is an error which is caused by posting html-code in a textbox. The text doesn't need to contain valid HTML, just anything with opening and closing angled brackets ("<...>").
The complete error:
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$mainContentPH$fvFaq$tbFaqBody_sv-SE="...the link <a href="http://www....").
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$mainContentPH$fvFaq$tbFaqBody_sv-SE="...the link <a href="http://www....").
Solution
There are two ways to disable request validation.
1. Turn it off in the Web.config file
<system.web>
<pages ValidateRequest="false"/>
</system.web>
<pages ValidateRequest="false"/>
</system.web>
2. Turn it off on the page it self
<%@ Page ValidateRequest="false" ... %>
A warning for injection
The validation is there for a reason. If you turn it off, visitors can post code like this, and that's not wanted in most cases.
alert('I am posting some dangerous code')
More info on the web site of Brian Cryer.
Comments
alert('I am posting some dangerous code') Wrote:
2:e April 2008
<p> Wrote:
2:e April 2008
Tomas Wrote:
3:e Juni 2008
Will Wrote:
17:e Juni 2008
Jesper Wrote:
17:e Juni 2008
aApe Wrote:
18:e Juni 2008