A potentially dangerous Request.Form

[Alex Munk]

Hi All,

I read the KB821343 article on this subject and I am still a bit confused
about a couple of things:

1) Am I to understand that if I install .NET frame work 1.1 on the computer
generating the application this problem will be resolved?

2) How can I find out what the offending code is doing? I really do not want
to disable Request Validation, I would rather find the problem and HTML
encode myself.

I appreciate your help.

Alex

 

[Alex Munk]

Hi me again,

Regarding point 2) in my original post I was able to determine the root
cause of the problem:

<select name="ddlForms" onchange="__doPostBack('ddlForms','')"
language="javascript" id="ddlForms" style="Z-INDEX: 118; LEFT:
700px;POSITION: absolute; TOP: 0px">
<option value="<FORMS>">&lt;FORMS&gt;</option>
<option value="Vacation Request">Vacation Request</option>
<option value="Internal Job Application">Internal Job
Application</option></select>

The problem is in the line: <option value="<FORMS>">&lt;FORMS&gt;</option>
Apparently "<FORMS>" is the culprit

Can anyone suggest how to fix the code?

Thanks,
Alex

 

[Adrijan Josic]

http://www.tconsult.com/aspnet/security/potentially_dangero
us.aspx

try that...

-----Original Message-----
Hi me again,

Regarding point 2) in my original post I was able to determine the root
cause of the problem:

<select name="ddlForms" onchange="__doPostBack ('ddlForms','')"
language="javascript" id="ddlForms" style="Z-INDEX: 118; LEFT:
700px;POSITION: absolute; TOP: 0px">
<option value="<FORMS>"><FORMS></option>
<option value="Vacation Request">Vacation