You must Sign In to post a response.
  • Category: ASP.NET

    A potentially dangerous Request.Form value was detected from the client

    Webform1.aspx has grid.Grid contain edit button.Onclick of edit button,user is redirected to webform2.aspx page.Querystring id is passed to Webform2.aspx.Webform2.aspx shows all data of that id.Webform contain dropdownlist,texboxes and button etc.I am fetching record from database and assigning to control like dropdownlist,textbox and button.When assigning value to textbox that contain '<' or '>' and trying to update the record.It throws an exception.Exception is 'A potentially dangerous Request.Form value was detected from the client '.So I tried to use htmlencode method.Below is my code In cs file

    public partial class Webform1 : System.Web.UI.Page
    {
    string strUrl="";
    protected void Page_Load(object sender, EventArgs e)
    {

    // Fetching value from database and assigning to string
    Textbox1.Text= dr["URL"].ToString();
    // directly use string
    //strUrl= dr["URL"].ToString();
    }

    protected void button_Click(object sender, EventArgs e)
    {
    string s2 ="";
    string s3 = "";
    strUrl= Textbox1.Text;
    if ((strUrl.Contains("<")) || (strUrl.Contains(">")))
    {
    s2 = Server.HtmlEncode("<");
    s3 = Server.HtmlEncode(">");
    strUrl= strPingUrl.Replace("<", s2);
    strUrl= strPingUrl.Replace(">", s3);

    }
    Textbox1.Text =strUrl;
    // updation code
    When I will try to insert it throws exception.Instead of assigning value to textbox if i use string.It is working.I am able to update the record.But I don't want like this.User can change the value in textbox.So I want to take value from textbox.
  • #757382
    add the following keys to your web.config under system.web.

    <pages validateRequest="false" />

    if you are using .net 4.0 then also add below key.

    <httpRuntime requestValidationMode="2.0" />

    you can achieve this in MVC by adding [ValidateInput(false)] attribute to the method you are calling. for more information go to :

    http://stackoverflow.com/questions/81991/a-potentially-dangerous-request-form-value-was-detected-from-the-client

    //Regards,
    Saurabh Tyagi
    www.dotnetblogpost.com

    Rate As Answer, If you satisfied.

  • #757383
    Thanks Saurabh for ur help.But I don't want to make validationrequest to false.

  • #757389
    this is the only way you can pass the harmful text to your server, otherwise you always get the error.

    you can validate the harmful text on the server before save and return the message if not validated.

    //Regards,
    Saurabh Tyagi
    www.dotnetblogpost.com

    Rate As Answer, If you satisfied.

  • #757391
    hi
    pinky

    Please use update panel your gridview that control restrict this potentially dangerous Request.Form and also set your webconfiq request some value

    Name : Dotnet Developer-2015
    Email Id : kumaraspcode2009@gmail.com

    'Not by might nor by power, but by my Spirit,' says the LORD Almighty.


  • Sign In to post your comments