Tuesday, November 6, 2012

ASP.NET 4.0 A potentially dangerous Request.Form value was detected from the client.

"A potentially dangerous Request.Form value was detected from the client".

This error happens in ASP.NET when you try to submit text to server which contain HTML Tags. This is a mechanism in ASP.NET environment to safagaurd from cross sire scripting attack.

The error can be suppressed by setting a property to your page directive. The property and its value is as follows:
validateRequest="false" .
So the part of the Page Directive will look like below:
<pages validateRequest="false" />

But with .NET Framework 4.0 and above, the error started showing up again even with the validateRequest property set to "false".
To overcome this error in .NET Framework 4.0 you will need one more step.
You will need to set the "requestValidationMode" property  to "2.0" to the httpRuntime configuration section of the web.config file. The resulting tag will look like:
<httpRuntime requestValidationMode="2.0"/>

If your web.config file does not have a httpRuntime section already, then add it inside the
<system.web> section.

If you want to turn off request validation for users globally, the following line in the web.config file within <system.web> section will help:
<pages validateRequest="false" />

No comments:

Post a Comment