Welcome Guest! To enable all features please Register.

Notification

Icon
Error
New Topic Post Reply
asp.net 4.0 System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value wa
Options View
Previous Topic Next Topic
Guest
#1 Posted : Tuesday, May 24, 2011 6:12:30 AM(UTC)
Quote
Rank: Guest

Joined: 12/12/2009(UTC)
Posts: 443
Points: 1,361
I just upgraded to asp.net 4.0 and when i try to update anything in my Blogengine 1.6 implementation, the syetm throws the follwoing error:

System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client.
A potentially dangerous Request.Form value was detected from the client (Text="<p>what?</p>").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client


Whats the issue? and what should i do to resolve it?
Back to top
 |  Edit by moderator
Sponsor

Back to top  
Soan
#2 Posted : Tuesday, May 24, 2011 6:26:17 AM(UTC)
Quote
Rank: Administration
Soan

Joined: 1/9/2010(UTC)
Posts: 393
Points: 1,158
Location: India
Well..yes..the error would happen if you upgrade to asp.net 4.
The solution is also simple and it is mentioned in the error itself...but i will just write it here again for more clarity:

Add the following attribute to your httpruntime tag in web.config:

<httpRuntime requestValidationMode="2.0" />.

After setting this value, set validateRequest="false" in the pages tag:
<pages validateRequest="false">


This will solve the error. Let me know if you need more information.
Back to top
WWW BLOG
Guest
#4 Posted : Wednesday, December 14, 2011 4:16:23 AM(UTC)
Quote
Rank: Guest

Joined: 12/12/2009(UTC)
Posts: 443
Points: 1,361
thanks lot man.It's working fine
Back to top
Guest
#3 Posted : Tuesday, January 10, 2012 10:30:05 AM(UTC)
Quote
Rank: Guest

Joined: 12/12/2009(UTC)
Posts: 443
Points: 1,361
Thanks Buddy


Problem resolved ... nice
Back to top
Guest
#5 Posted : Wednesday, April 04, 2012 2:32:04 PM(UTC)
Quote
Rank: Guest

Joined: 12/12/2009(UTC)
Posts: 443
Points: 1,361
Problem NOT resolved - you just disabled security-checks for the entire Request and opened up your app, allowing anyone to post HTML to ANY of the fields on your form.

I wish I could tell you how to do this "correctly" - you have no idea how many hours I've spent on this...
Back to top
Quick Reply Show Quick Reply
Users browsing this topic
Guest
New Topic Post Reply
Forum Jump  
You can post new topics in this forum.
You can reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Powered by YAF | YAF © 2003-2011, Yet Another Forum.NET