How to solve this problem?

A

Andrew

Happy new year, friends,

When I tested my asp.net app with a new set of data, I got the following
error:

A potentially dangerous Request.Form value was detected from the client
(TEXTAREA1="...Request = <bitMapMessage type=...").

Description: Request Validation has detected a potentially dangerous client
input value, and processing of the request has been aborted. This value may
indicate an attempt to compromise the security of your application, such as a
cross-site scripting attack. You can disable request validation by setting
validateRequest=false in the Page directive or in the configuration section.
However, it is strongly recommended that your application explicitly check
all inputs in this case.

But, I knew it was just our input text of a TextArea1 box which are
accidently in xml format: e.g. the value in TextArea1 box could be: XML
Request = <bitMapMessage type=0100><acceptorID>......

How can I let my app accept such kind of input info?

Thanks a lot.
 
J

Joerg Jooss

Hello Andrew,
Happy new year, friends,

When I tested my asp.net app with a new set of data, I got the
following error:

A potentially dangerous Request.Form value was detected from the
client (TEXTAREA1="...Request = <bitMapMessage type=...").

Description: Request Validation has detected a potentially dangerous
client input value, and processing of the request has been aborted.
This value may indicate an attempt to compromise the security of your
application, such as a cross-site scripting attack. You can disable
request validation by setting validateRequest=false in the Page
directive or in the configuration section. However, it is strongly
recommended that your application explicitly check all inputs in this
case.

But, I knew it was just our input text of a TextArea1 box which are
accidently in xml format: e.g. the value in TextArea1 box could be:
XML Request = <bitMapMessage type=0100><acceptorID>......

How can I let my app accept such kind of input info?
Click to expand...

Turn off request validation for that page (note the last attribute of the
Page directive):

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Foo.aspx.cs" Inherits="Foo"
ValidateRequest="false" %>

Cheers,
 
D

Dominick Baier [DevelopMentor]

Hi,

be very careful when you switch off automatic validation - make sure you
validate every single input if the format is legal.
 
J

Joerg Jooss

Hello Dominick Baier [DevelopMentor],
Hi,

be very careful when you switch off automatic validation - make sure
you validate every single input if the format is legal.
Click to expand...

Agreed. There's no point in posting XML content as form data anyway.

Cheers,
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How to solve this problem? 2
How to put a null check on this code 0
How to solve this problem 0
How to solve this problem 3
Issue with passing fetched data to POST form. How can I? 0
Problem in Accepting Xml Data in TextBox 3
Problem on display many XML files in web broswer IE 6
Regarding IIS Security. 0

Members online

Total: 30 (members: 1, guests: 29)
Robots: 174

Forum statistics

Threads
473,774
Messages
2,569,596
Members
45,135
Latest member
VeronaShap

Latest Threads

Top