.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

A potentially dangerous Request.Form value was detected from the client

Posted By:      Posted Date: September 26, 2010    Points: 0   Category :ASP.Net

I know this has been discussed already but my problem isn't the error itself. My problem is I am including [ValidateInput(false)] above my ActionResult and I still receive this error when I click submit. Is there something somewhere else overriding this command?

Here is what the code looks like.

[Authorize(Roles = "Administrator")]
        public ActionResult Create(FormCollection Form)

[Authorize(Roles = "Administrator")]



View Complete Post

More Related Resource Links

A potentially dangerous Request.Form value was detected from the client



i have a form that use can insert some text in textbox

if user insert <..> page return an error like

A potentially dangerous Request.Form value was detected from the client 

the problem is i need to user inter some html code that's because i change the code in web.config file

<pages validateRequest="false"

URGENT!!, A potentially dangerous Request.Form value was detected from the client



I get mails about an unhandled error has occurred:
Message: A Potentially Dangerous Request.Form value was detected from the client (ctl00 $ default master content $ txtCustomerMessage ="... ???????? <a href = "http://aovo ...").

 Stack Trace:
   at System.Web.HttpRequest.ValidateString (String s, String Value name, String collection name)
   at System.Web.HttpRequest.ValidateNameValueCollection (name value collection nvc, String collection name)
   at System.Web.HttpRequest.get_Form ()
   at System.Web.HttpRequest.get_HasForm ()
   at System.Web.UI.Page.GetCollectionBasedOnMethod (Boolean dontReturnNull)
   at System.Web.UI.Page.DeterminePostBackMode ()
   at System.Web.UI.Page.ProcessRequestMain (Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest (Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.AsyncPageProcessRequestBeforeAsyncPointCancellableCallback (Object state)
   at System.Web.HttpContext.InvokeCancellableCallback (wait callback callback, Object state)
   at System.Web.UI.Page.AsyncPageBeginProcessRequest (HttpC

A potentially dangerous Request.Form value was detected from the client


I am getting the above error when I am trying to save a value '<TS1'. I did the search and came to know it is about html injection. So I entered ValidateRequest="false" on top of the page and in the code behind file I have the following code.

Protected Sub fvAddCompass_ItemInserting(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.FormViewInsertEventArgs) Handles fvAddCompass.ItemInserting

Dim strProvided A

A potentially dangerous Request.Form value was detected from the client


We have a DOT.NET app that we paste info into. Sometimes the text contains characters which seem to offend dot.net. So the application breaks. How we intecept these breaks and then decide for ourselves if the content is really "potentially dangerous" or not?

The same string even breaks this "post a new message".

A potentially dangerous Request.Form value was detected from the client


i have 2 aspx files
1) 1.aspx - collects info from the user, stores into the DB.
2) 2.aspx - collects info from the DB and displays back to the user

in 2.aspx, i am encoding(htmlencode,urlencode.....) and displaying the info. so srcipt is displayed as text but not executed. -- expected result.
in 1.aspx, i am collecting info from textboxes and store in DB,i am getting below exception when clicked on save button.
"A potentially dangerous Request.Form value was detected from the client ...".

how do i fix it?
guys please dont tell me to turn off validaterequest.i want that to be turned ON, for security reasons.

also i want to validate the input before storing into the DB.so that my DB holds verified and trusted data(not malicious).

any help would be highly appreciated.

A potentially dangerous Request.Form value was detected from the client in


Hi All, I have a MVC application and I am using a rich text box control in a textarea control. I have bind the page with the Model and fetching the data from the class properties. here is the textarea control to use the Text Editor


HttpContext.Session A potentially dangerous Request.QueryString value was detected from the client


I have an ashx handler that was working fine in VS2008 but when I upgraded to VS2010 (haven't gone back to VS2008 to double check though) and when I try to grab the value from HttpContext.Request.Params["update"] I get the following error:

+ ex {"A potentially dangerous Request.QueryString value was detected from the client (update=\"<SETIProducts><Produ...\")."} System.Exception {System.Web.HttpRequestValidationException}

"A potentially dangerous Request.QueryString value was detected from the client (update=\"<SETIProducts><Produ...\")."} System.Exception {System.Web.HttpRequestValidationException}

I've read that I can set the validateRequest to false, but I was wondering about the impacts and looking for any other suggestions. 

I know very little about security when it comes to web programming but I thought I should mention that my handler will be running on a internal file server but transmitting data to/from an eCommerce platfo

A potentially dangerous Request.Path value was detected from the client (?).


I am using Webhandler to upload images to the server. I want to send the folder name so on that folder the images will save. I am using this URI format and got the below error.

Error:A potentially dangerous Request.QueryString value was detected from the client




I am creating the web application using c# in which i got a situation like this.


When I pass the Querystring as


I'm getting the following error. I need to  Trap this error by  redirecting  to a page say 'Access Denied.aspx' when the user types this query string.

And I dont want to disable request validation by setting validateRequest=false in the page directive.

Server Error in '/root' Application.

Potentially dangerous script....blah blah


explain this one - -   (please)

2 projects - same code - one, using 2008, one using 2010 - a textbox a button and a label, using html code in the textbox

In the Page Directive:
EnableEventValidation="false" ValidateRequest="false&q

Infopath form - browser error client error


I am facing a problem with browser enabled infopath form. I have developed this in infopath 2007. I have few fields in a repeating table. It contains Number of units, qty , subtotal and total. Total is sum of all sub totals and Sub total is  multiplication of units and qty. I am able to insert new items in preview and getting subtotal and total. I have published it in sharepiont as browser enabled form as a content type. When I opened the form in browser and insert new item in repeating table then I am not getting my subtotal and total updated. I am getting those for only first row. other rows are not working. This is working with infopath client.  Please help me out..



Unexplained Crash on .NET Windows Form, Potentially a Common Crash?

Hi, I have a continuous problem with a .NET Framework 3.5 Windows Form application crashing with the "...this application has performed an illegal error..." error message.  No errors are being caught through a Try-Catch (using a generic Exception, so to my knowledge it should catch any exception?) block throughout the application, so it appears to be something external.  At first we thought it may have been the users computer, but even after a replacement computer the same error continues.   I was just wondering if there are any common crashes which have any hotfixes etc. for .NET Framework 3.5? Or if anyone else has experienced anything similar?   Thanks

How to bind a WCF Http client to a specific outbound IPAddress before making the request

I want my request to go out through a specific IP Addresses. Is there a way to do that in WCF. The explanation of why I need this is a little long winded so i'd rather not get into that. Here is sample code string ipAddress = ""; IService service; ChannelFactory<IOmlService> factory = new ChannelFactory<IService>(new BasicHttpBinding(), new EndpointAddress("http://" + IPAddress + ":6996/IService")); service = factory.CreateChannel(); service.Test(); Here is an example scenario to explain exactly what i'm looking for. Let's say I have two IPs on my machine ( and Both of them can hit If i run this code now, it will hit the IP (.32) from any of my IPs (.30 or .31). How can i force it to go through a specific IP of mine (say .30). Is there any way to do that using WCF? Thanks

How to update client asp.net form periodically?

Hi all, I am fresh new to asp.net.  I try to convert my windows form into asp.net application. On my Windows form I use threads to monitor for changes in data sources to udpate my controls. However, I got no clue how to accomplish this in asp.net form.  It seems I cannot create a thread in the page to update my controls in the page.  I realy appreciate for any comments   Thanks

Difficult in using Request.Form

Hi all,i just try to pass value between pages using Request.Form,Here the scenario,1.First i created a two aspx pages(First.aspx and Second.aspx), First.aspx is a main page and Second.aspx is a popup.2.in the main page i created a button with type submit and text box , and in the button  onclick i call a function in the javascript which open the popup page3.When i try to retrieve the values from the main page in the popup i can't retrieve the valuesHere the codeFirst.aspx=========================================================<script language="javascript"> function fnClear() {window.open("Second.aspx","sendvalue","height=350,width=700,scrollbars=1");                }</Script><form id="mainpage" name="mainpage" method=post runat="server"><input type="text" name="txtStDate" runat="server" tabindex="1"                                                                                                 id="txtStDate" maxlength="

Need help in reading Soap request and response on invoking WCF client assembly

Hi All,   I'm new to WCF and i'm using .Net 3.5. I have created a library from the proxy class generated through svcutil. I'm able to succesfully invoke service methods. I was wondering how to capture the request and response soap xmls so that i could render it on browser. If you have any code piece for this kind of problem please share it with me. Regards, Rahul

Seeing the SOAP request sent from a Web Service Client/Consumer

Hello, I am building a web service consumer in C# in VS2010.  Using the provided WSDL, I need to build appropriate headers and use certificates, SSL (user name & pass), & WS security.  I am getting an error from the webservice side, specifically processing the <wsse:Security> header. Is it possible for me to see the exact request I am sending to the Webservice? I'd like to see the values of the pieces of the header that get put in and such. Is it possible to have human readable serialization of what's being passed in right before the error? Thank You

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend