.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Potentially dangerous script....blah blah

Posted By:      Posted Date: August 21, 2010    Points: 0   Category :ASP.Net

explain this one - -   (please)

2 projects - same code - one, using 2008, one using 2010 - a textbox a button and a label, using html code in the textbox

In the Page Directive:
EnableEventValidation="false" ValidateRequest="false&q

View Complete Post

More Related Resource Links

How can I get xmlns:xsi to appear after (instead of before) a custom xmlns="blah" statement?

I need the | xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | statement to appear as the second statement after | xmlns="blah" | in an XML file I an trying to generate.  If it appears first the system that consumes the fail is unable to interpret the file. My query: WITH XMLNAMESPACES (DEFAULT 'example', 'http://www.w3.org/2001/XMLSchema-instance' AS xsi) SELECT 'myschema schemav5.xsd' "@xsi:schemaLocation", '27' AS CompanyCode , ISNULL(NULL,'') AS ExampleOfBlankNullField , NULL AS ExampleOfNullField, 2010 AS [Year] , 3 AS [Quarter] FOR XML PATH('CompanyData'), ELEMENTS XSINIL ; The result:   <CompanyData xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="example" xsi:schemaLocation="myschema schemav5.xsd"> <CompanyCode>27</CompanyCode> <ExampleOfBlankNullField></ExampleOfBlankNullField> <ExampleOfNullField xsi:nil="true" /> <Year>2010</Year> <Quarter>3</Quarter> </CompanyData> If I could just get that xmlns="example" to be placed before the xmlns:xsi section, then I would be good to go.   Any suggestions on how I can do that? Thank you for your help!

A potentially dangerous Request.Form value was detected from the client


I know this has been discussed already but my problem isn't the error itself. My problem is I am including [ValidateInput(false)] above my ActionResult and I still receive this error when I click submit. Is there something somewhere else overriding this command?

Here is what the code looks like.

[Authorize(Roles = "Administrator")]
        public ActionResult Create(FormCollection Form)

[Authorize(Roles = "Administrator")]



Couldn't find local patch C:\WINDOWS\Installer\Blah.msp Looking for it at its source.

I get installer errors like this whenever I try to remove SQL 2005 Workstation Components or when I try to install a new named instance. In fact whatever I try to do that involves reading the installation media I get this type of missing file error. Does this indicate there a corruption in my installation media?

HttpContext.Session A potentially dangerous Request.QueryString value was detected from the client


I have an ashx handler that was working fine in VS2008 but when I upgraded to VS2010 (haven't gone back to VS2008 to double check though) and when I try to grab the value from HttpContext.Request.Params["update"] I get the following error:

+ ex {"A potentially dangerous Request.QueryString value was detected from the client (update=\"<SETIProducts><Produ...\")."} System.Exception {System.Web.HttpRequestValidationException}

"A potentially dangerous Request.QueryString value was detected from the client (update=\"<SETIProducts><Produ...\")."} System.Exception {System.Web.HttpRequestValidationException}

I've read that I can set the validateRequest to false, but I was wondering about the impacts and looking for any other suggestions. 

I know very little about security when it comes to web programming but I thought I should mention that my handler will be running on a internal file server but transmitting data to/from an eCommerce platfo

dotnetzip < Access to the path bLAH is Access denied


I trying  dotnetzip on localhost everything works fine.

but on a real dotnet hosting it raises error :

Access to the path 'C:\inetpub\vhosts\blahblah.com\subdomains\rapor\httpdocs\DotNetZip-luqevaxu.tmp' is denied.

my code is just this :

using (ZipFile zip = new ZipFile(Server.MapPath("~")+"/a.zip"))

my hosting got a plesk interface.and I am afraid there is no solution to fix this on any plesk settings.

what should I do ?

any clue ?

thanks much before for any answers if may be solution or not.

A potentially dangerous Request.Form value was detected from the client



i have a form that use can insert some text in textbox

if user insert <..> page return an error like

A potentially dangerous Request.Form value was detected from the client 

the problem is i need to user inter some html code that's because i change the code in web.config file

<pages validateRequest="false"

URGENT!!, A potentially dangerous Request.Form value was detected from the client



I get mails about an unhandled error has occurred:
Message: A Potentially Dangerous Request.Form value was detected from the client (ctl00 $ default master content $ txtCustomerMessage ="... ???????? <a href = "http://aovo ...").

 Stack Trace:
   at System.Web.HttpRequest.ValidateString (String s, String Value name, String collection name)
   at System.Web.HttpRequest.ValidateNameValueCollection (name value collection nvc, String collection name)
   at System.Web.HttpRequest.get_Form ()
   at System.Web.HttpRequest.get_HasForm ()
   at System.Web.UI.Page.GetCollectionBasedOnMethod (Boolean dontReturnNull)
   at System.Web.UI.Page.DeterminePostBackMode ()
   at System.Web.UI.Page.ProcessRequestMain (Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest (Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.AsyncPageProcessRequestBeforeAsyncPointCancellableCallback (Object state)
   at System.Web.HttpContext.InvokeCancellableCallback (wait callback callback, Object state)
   at System.Web.UI.Page.AsyncPageBeginProcessRequest (HttpC

A potentially dangerous Request.Path value was detected from the client (?).


I am using Webhandler to upload images to the server. I want to send the folder name so on that folder the images will save. I am using this URI format and got the below error.

A potentially dangerous Request.Form value was detected from the client


I am getting the above error when I am trying to save a value '<TS1'. I did the search and came to know it is about html injection. So I entered ValidateRequest="false" on top of the page and in the code behind file I have the following code.

Protected Sub fvAddCompass_ItemInserting(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.FormViewInsertEventArgs) Handles fvAddCompass.ItemInserting

Dim strProvided A

A potentially dangerous Request.Form value was detected from the client


We have a DOT.NET app that we paste info into. Sometimes the text contains characters which seem to offend dot.net. So the application breaks. How we intecept these breaks and then decide for ourselves if the content is really "potentially dangerous" or not?

The same string even breaks this "post a new message".

A potentially dangerous Request.Form value was detected from the client


i have 2 aspx files
1) 1.aspx - collects info from the user, stores into the DB.
2) 2.aspx - collects info from the DB and displays back to the user

in 2.aspx, i am encoding(htmlencode,urlencode.....) and displaying the info. so srcipt is displayed as text but not executed. -- expected result.
in 1.aspx, i am collecting info from textboxes and store in DB,i am getting below exception when clicked on save button.
"A potentially dangerous Request.Form value was detected from the client ...".

how do i fix it?
guys please dont tell me to turn off validaterequest.i want that to be turned ON, for security reasons.

also i want to validate the input before storing into the DB.so that my DB holds verified and trusted data(not malicious).

any help would be highly appreciated.

A potentially dangerous Request.Form value was detected from the client in


Hi All, I have a MVC application and I am using a rich text box control in a textarea control. I have bind the page with the Model and fetching the data from the class properties. here is the textarea control to use the Text Editor


Error:A potentially dangerous Request.QueryString value was detected from the client




I am creating the web application using c# in which i got a situation like this.


When I pass the Querystring as


I'm getting the following error. I need to  Trap this error by  redirecting  to a page say 'Access Denied.aspx' when the user types this query string.

And I dont want to disable request validation by setting validateRequest=false in the page directive.

Server Error in '/root' Application.

Rendering ASP.NET Script References into the Html Header

One thing that I've come to appreciate in control development in ASP.NET that use JavaScript is the ability to have more control over script and script include placement than ASP.NET provides natively. Specifically in ASP.NET you can use either the ClientScriptManager or ScriptManager to embed scripts and script references into pages via code.

*.axd script references not being rendered to browser


I'm running VS2010 with .net 4.0, and am running into issues with the .net ajax script tags mysteriously not being rendered to the browser.

So far I've reduced it to a scenario where I set the DataSourceID property of a databound control.  More specifically, I've only tested it on a Gridview and a DropDownList.

This can be reproduced fairly easily on my machine by following these steps:

1. Create a new empty Web Application Project

2. Create a new Web Form

3. Add a ScriptManager inside the form

4. Add a DropDownList and a DataSource (I used an ObjectDataSource)

5. Set the DataSourceID property of the DropDownList to the ID of the DataSource.  This can be done either declaratively on the .aspx page, or in the code behind in the aspx.cs page, and both produce the same results.

6. Open the page in a browser and watch as you get a javascript error stating "Sys is not defined" and notice that the page source contains no script tags referencing *.axd scripts.

Here's my source code showing my set up:

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs" Inherits="ScriptResourceFAIL.Default" %>


Client script not running


Dear all,

in my MVC 2 application, and in the shared Master Page I wrote this little script for menu handling :

<script src="../../Scripts/jquery-1.4.1.js" type="text/javascript"></script>
<script type="text/javascript"> $(document).ready(function () {   
     $('#nav li').hover(  
         function () {  
             //show its submenu  
             $('ul', this).slideDown(100);  
        function () {  
           //hide its submenu  
            $('ul', this).slideUp(100);           

The script, that shows menu items when the

Cutting Edge: Custom Script Callbacks in ASP.NET


ASP. NET client callbacks represent a neat and elegant way to execute server-side code without posting and refreshing the current page. I discussed ASP. NET callbacks in the August and December 2004 installments of Cutting Edge, considering them from the perspective of rendered pages making background callbacks to the server, sending input data to the relevant page, and receiving a response.

Dino Esposito

MSDN Magazine January 2005

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend