.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Error:A potentially dangerous Request.QueryString value was detected from the client

Posted By:      Posted Date: May 22, 2011    Points: 0   Category :ADO.Net



I am creating the web application using c# in which i got a situation like this.


When I pass the Querystring as


I'm getting the following error. I need to  Trap this error by  redirecting  to a page say 'Access Denied.aspx' when the user types this query string.

And I dont want to disable request validation by setting validateRequest=false in the page directive.

Server Error in '/root' Application.

View Complete Post

More Related Resource Links

HttpContext.Session A potentially dangerous Request.QueryString value was detected from the client


I have an ashx handler that was working fine in VS2008 but when I upgraded to VS2010 (haven't gone back to VS2008 to double check though) and when I try to grab the value from HttpContext.Request.Params["update"] I get the following error:

+ ex {"A potentially dangerous Request.QueryString value was detected from the client (update=\"<SETIProducts><Produ...\")."} System.Exception {System.Web.HttpRequestValidationException}

"A potentially dangerous Request.QueryString value was detected from the client (update=\"<SETIProducts><Produ...\")."} System.Exception {System.Web.HttpRequestValidationException}

I've read that I can set the validateRequest to false, but I was wondering about the impacts and looking for any other suggestions. 

I know very little about security when it comes to web programming but I thought I should mention that my handler will be running on a internal file server but transmitting data to/from an eCommerce platfo

A potentially dangerous Request.Form value was detected from the client


I know this has been discussed already but my problem isn't the error itself. My problem is I am including [ValidateInput(false)] above my ActionResult and I still receive this error when I click submit. Is there something somewhere else overriding this command?

Here is what the code looks like.

[Authorize(Roles = "Administrator")]
        public ActionResult Create(FormCollection Form)

[Authorize(Roles = "Administrator")]



A potentially dangerous Request.Form value was detected from the client



i have a form that use can insert some text in textbox

if user insert <..> page return an error like

A potentially dangerous Request.Form value was detected from the client 

the problem is i need to user inter some html code that's because i change the code in web.config file

<pages validateRequest="false"

URGENT!!, A potentially dangerous Request.Form value was detected from the client



I get mails about an unhandled error has occurred:
Message: A Potentially Dangerous Request.Form value was detected from the client (ctl00 $ default master content $ txtCustomerMessage ="... ???????? <a href = "http://aovo ...").

 Stack Trace:
   at System.Web.HttpRequest.ValidateString (String s, String Value name, String collection name)
   at System.Web.HttpRequest.ValidateNameValueCollection (name value collection nvc, String collection name)
   at System.Web.HttpRequest.get_Form ()
   at System.Web.HttpRequest.get_HasForm ()
   at System.Web.UI.Page.GetCollectionBasedOnMethod (Boolean dontReturnNull)
   at System.Web.UI.Page.DeterminePostBackMode ()
   at System.Web.UI.Page.ProcessRequestMain (Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest (Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.AsyncPageProcessRequestBeforeAsyncPointCancellableCallback (Object state)
   at System.Web.HttpContext.InvokeCancellableCallback (wait callback callback, Object state)
   at System.Web.UI.Page.AsyncPageBeginProcessRequest (HttpC

A potentially dangerous Request.Path value was detected from the client (?).


I am using Webhandler to upload images to the server. I want to send the folder name so on that folder the images will save. I am using this URI format and got the below error.

A potentially dangerous Request.Form value was detected from the client


I am getting the above error when I am trying to save a value '<TS1'. I did the search and came to know it is about html injection. So I entered ValidateRequest="false" on top of the page and in the code behind file I have the following code.

Protected Sub fvAddCompass_ItemInserting(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.FormViewInsertEventArgs) Handles fvAddCompass.ItemInserting

Dim strProvided A

A potentially dangerous Request.Form value was detected from the client


We have a DOT.NET app that we paste info into. Sometimes the text contains characters which seem to offend dot.net. So the application breaks. How we intecept these breaks and then decide for ourselves if the content is really "potentially dangerous" or not?

The same string even breaks this "post a new message".

A potentially dangerous Request.Form value was detected from the client


i have 2 aspx files
1) 1.aspx - collects info from the user, stores into the DB.
2) 2.aspx - collects info from the DB and displays back to the user

in 2.aspx, i am encoding(htmlencode,urlencode.....) and displaying the info. so srcipt is displayed as text but not executed. -- expected result.
in 1.aspx, i am collecting info from textboxes and store in DB,i am getting below exception when clicked on save button.
"A potentially dangerous Request.Form value was detected from the client ...".

how do i fix it?
guys please dont tell me to turn off validaterequest.i want that to be turned ON, for security reasons.

also i want to validate the input before storing into the DB.so that my DB holds verified and trusted data(not malicious).

any help would be highly appreciated.

A potentially dangerous Request.Form value was detected from the client in


Hi All, I have a MVC application and I am using a rich text box control in a textarea control. I have bind the page with the Model and fetching the data from the class properties. here is the textarea control to use the Text Editor


Error Firefox has detected that the server is redirecting the request for this address in a way tha

The page isn't redirecting properly                                                        Firefox has detected that the server is redirecting the request for this address in a way that will never complete.                            *   This problem can sometimes be caused by disabling or refusing to accept          cookies.

Potentially dangerous script....blah blah


explain this one - -   (please)

2 projects - same code - one, using 2008, one using 2010 - a textbox a button and a label, using html code in the textbox

In the Page Directive:
EnableEventValidation="false" ValidateRequest="false&q

there was an error processing the request


 Hi, I implement a project which has a ajax plus web service. It works out on IDE VS 2008 Express.

Now I host it on a free space, get an error "there was an error processing the request".

The error type is empty.

Any experience is thankful.

question regarding request.querystring


I have a url like this:

http://www.somepage.com/main.aspx.  In this page, when I click on a link it takes me to a page http://www.somepage.com/cental.aspx?cid=200.  So in the cental.aspx.cs page I did the following in the page load:


if(request.querystring["comp"].tostring() != null)


//do some thing


So I got an error like: object reference not set to an instance of reference.


My problem is, I am using the same page.  So when I go from some page, I will have "comp".  but other times not.  So when there is no "comp", how do I handle it in request.querystring?


HTTP 400 Bad Request Error when uploading to document library


I am running MOSS 3007 Standard on Windows 2003. When trying to upload files larger than about 29Mb, I am getting an HTTP 400 Bad request error. The error states "HTTP Error 400 - Request is badly formed." I am able to successfully upload a 28Mb file. Sharepoint is configured to accept files up to 75Mb.

I have done a fair amount of research on this, but none of the solutions seem to apply to our environment. The two most likely candidates do not apply, for example we are NOT running URLScan (there are a variety of solutions suggesting this could be an issue with uploads of 30Mb or more), and we are on 2003 with IIS6, so again the issue relating to 2008 and IIS7 do not apply.

The "Request is badly formed" part of the request is particularly confusing as most issues I have come across where this error is the symptom point to errors in custom code that is trying to talk to SharePoint. We have done none of our own custom coding and this error is occurring when attempting a simple upload to a document library.

Trying to drag and drop the file across when the document library is open in windows explorer also fails.

I did come across someone saying they had a similar problem which was caused by a damaged content database, however in this case, it is occuring regardless of which content database I use, so either they are all corrupt

Request.Querystring and UrlDecoding


(asp.net 2.0, c#)


I have a page requesting a qyerystring looking like this ?test=b%E4st, %E4 is the url-encoded letter ä. I can't change how this looks and encodes since I have no access to the page doing the request.

string strTest = Request.Querystring["test"].ToString();

If I then, for instance, just Response.Write(strTest) the character ä (%E4) is broken. Displayed as a question mark. I have in my web.config the requestEncoding and responseEncoding set to utf-8. That is the way I need to have it, and I can't change that.

I've looked around for a solutions for this and the issue seems to be iso-8859-1 vs utf-8 in the querystring and url-decoding. It seems the Request.Querystring automatically url-decodes the string using the default encoding, in my case utf-8. I need it to url-decode using iso-8859-1 instead. I can achieve this by altering the web.config, but as I said earlier this is not an option.

I have tried to do this:

Encoding enc = Encoding.GetEncoding(28591);
string strTest= Request.QueryString["test"];
strTest= HttpUtility.UrlDecode(strTest, enc);

Not working, since the Request.QueryString already has url-decoded the value using utf-8.

Can I somehow override the requestEncoding in the web.config? Or is the any other way of doing this?

Infopath form - browser error client error


I am facing a problem with browser enabled infopath form. I have developed this in infopath 2007. I have few fields in a repeating table. It contains Number of units, qty , subtotal and total. Total is sum of all sub totals and Sub total is  multiplication of units and qty. I am able to insert new items in preview and getting subtotal and total. I have published it in sharepiont as browser enabled form as a content type. When I opened the form in browser and insert new item in repeating table then I am not getting my subtotal and total updated. I am getting those for only first row. other rows are not working. This is working with infopath client.  Please help me out..



sslstream client certificate validation error

Hi,I have taken server and client program from MSDN2 for sslstream. in that code client certifiacte authetication is made false  i want to enable that and do the code i have done some modification to the code but is giving error "RemoteCertificateNotAvailable" and i think that its not getting the client certificate at server side.So please can any one help me to do client server program using sslstream in which client certificate also needs to be validated.I am attaching my modified code of MSDN2Server sideusing System;using System.Collections;using System.Net;using System.Net.Sockets;using System.Net.Security;using System.Security.Authentication;using System.Text;using System.Security.Cryptography.X509Certificates;using System.IO;namespace Examples.System.Net{    public sealed class SslTcpServer     {        static X509Certificate serverCertificate = null;        // The certificate parameter specifies the name of the file         // containing the machine certificate.        // The following method is invoked by the RemoteCertificateValidationDelegate.        public static bool ValidateClientCertificate(              object sender,              X509Certificate certificate,              X509Chain chain,              SslPolicyErrors sslPolicyErrors)        {            SslPolicyErrors errors = sslPolicyErrors;            if (errors != SslPolicyErrors.None)            {
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend