A potentially dangerous Request.Form

Discussion in 'ASP .Net' started by Alex Munk, Dec 16, 2003.

  1. Alex Munk

    Alex Munk Guest

    Hi All,

    I read the KB821343 article on this subject and I am still a bit confused
    about a couple of things:

    1) Am I to understand that if I install .NET frame work 1.1 on the computer
    generating the application this problem will be resolved?

    2) How can I find out what the offending code is doing? I really do not want
    to disable Request Validation, I would rather find the problem and HTML
    encode myself.

    I appreciate your help.

    Alex
    Alex Munk, Dec 16, 2003
    #1
    1. Advertising

  2. Alex Munk

    Alex Munk Guest

    Hi me again,

    Regarding point 2) in my original post I was able to determine the root
    cause of the problem:

    <select name="ddlForms" onchange="__doPostBack('ddlForms','')"
    language="javascript" id="ddlForms" style="Z-INDEX: 118; LEFT:
    700px;POSITION: absolute; TOP: 0px">
    <option value="<FORMS>">&lt;FORMS&gt;</option>
    <option value="Vacation Request">Vacation Request</option>
    <option value="Internal Job Application">Internal Job
    Application</option></select>

    The problem is in the line: <option value="<FORMS>">&lt;FORMS&gt;</option>
    Apparently "<FORMS>" is the culprit

    Can anyone suggest how to fix the code?

    Thanks,
    Alex
    "Alex Munk" <> wrote in message
    news:4rFDb.48420$ea%...
    > Hi All,
    >
    > I read the KB821343 article on this subject and I am still a bit confused
    > about a couple of things:
    >
    > 1) Am I to understand that if I install .NET frame work 1.1 on the

    computer
    > generating the application this problem will be resolved?
    >
    > 2) How can I find out what the offending code is doing? I really do not

    want
    > to disable Request Validation, I would rather find the problem and HTML
    > encode myself.
    >
    > I appreciate your help.
    >
    > Alex
    >
    >
    Alex Munk, Dec 16, 2003
    #2
    1. Advertising

  3. http://www.tconsult.com/aspnet/security/potentially_dangero
    us.aspx

    try that...


    >-----Original Message-----
    >Hi me again,
    >
    >Regarding point 2) in my original post I was able to

    determine the root
    >cause of the problem:
    >
    ><select name="ddlForms" onchange="__doPostBack

    ('ddlForms','')"
    >language="javascript" id="ddlForms" style="Z-INDEX: 118;

    LEFT:
    >700px;POSITION: absolute; TOP: 0px">
    > <option value="<FORMS>"><FORMS></option>
    > <option value="Vacation Request">Vacation

    Request</option>
    > <option value="Internal Job Application">Internal

    Job
    >Application</option></select>
    >
    >The problem is in the line: <option

    value="<FORMS>"><FORMS></option>
    >Apparently "<FORMS>" is the culprit
    >
    >Can anyone suggest how to fix the code?
    >
    >Thanks,
    >Alex
    >"Alex Munk" <> wrote in message
    >news:4rFDb.48420

    $ea%...
    >> Hi All,
    >>
    >> I read the KB821343 article on this subject and I am

    still a bit confused
    >> about a couple of things:
    >>
    >> 1) Am I to understand that if I install .NET frame work

    1.1 on the
    >computer
    >> generating the application this problem will be

    resolved?
    >>
    >> 2) How can I find out what the offending code is doing?

    I really do not
    >want
    >> to disable Request Validation, I would rather find the

    problem and HTML
    >> encode myself.
    >>
    >> I appreciate your help.
    >>
    >> Alex
    >>
    >>

    >
    >
    >.
    >
    Adrijan Josic, Dec 17, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. amit
    Replies:
    1
    Views:
    511
    Eric Lawrence [MSFT]
    Feb 26, 2004
  2. angus
    Replies:
    1
    Views:
    5,556
    Michael O'Donovan [MSFT]
    Aug 4, 2004
  3. Replies:
    5
    Views:
    874
  4. =?Utf-8?B?cmFuZHkgY29sbGlucw==?=

    A potentially dangerous Request.Form value was detected...

    =?Utf-8?B?cmFuZHkgY29sbGlucw==?=, May 26, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    488
    =?Utf-8?B?cmFuZHkgY29sbGlucw==?=
    May 26, 2006
  5. =?Utf-8?B?U2VyZ2V5IFp1eWV2?=

    Potentially dangerous Request.Form value for Cancel button Click

    =?Utf-8?B?U2VyZ2V5IFp1eWV2?=, Oct 5, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    497
    Jon Paal
    Oct 5, 2006
Loading...

Share This Page