.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
 
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Top 5 Contributors of the Month
david stephan

Home >> Articles >> ASP.NET >> Post New Resource Bookmark and Share   

 Subscribe to Articles

How to avoid security error in ASP.NET textbox while inputting html content?

Posted By:Jean Paul       Posted Date: February 09, 2011    Points: 75    Category: ASP.NET    URL: http://www.dotnetspark.com  

How to avoid security error in ASP.NET textbox while inputting html content?
 

The ASP.NET handler checks for security threats on page submissions.  This is part of the security checks, otherwise malicious scripts could be injected to the server.

But, in some alternative cases we need to bypass this - say we need to save a webpage into the database.  But the page validation throws the error.

You can try the following:

1. Create a web application and place a textbox and button on it.

2. Run the application and try entering the following data into the textbox

Test Content

3. Click the button to submit the page

4. You will be receiving the following error:

Server Error in '/' Application.

A potentially dangerous Request.Form value was detected from the client (TextBox1="test").

Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (TextBox1="Test Content").

Solution

Set the ValidateRequest property to false in the page level (It is a very easy solution)

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs" Inherits="WebApplication2._Default" ValidateRequest="false" %>


Now try rerunning the application and click the button.  The error is disappeared now.

 Subscribe to Articles

     

Further Readings:

Responses

No response found. Be the first to respond this post

Post Comment

You must Sign In To post reply
Find More Articles on C#, ASP.Net, Vb.Net, SQL Server and more Here

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend