Problem displaying text in a TextBox...

Discussion in 'ASP .Net' started by The Eeediot, Sep 27, 2004.

  1. The Eeediot

    The Eeediot Guest

    Hello, Folks...

    I'm almost becoming a regular to this newsgroup.

    I am trying to display the contents of an MS-SQL Text field to a TextBox in ASPdotNET. The text in this field contains all sorts of characters including cheverons (i.e. ">" and "<") and occasionally I get the following error condition (listed below). Is there anything I can do to avoid it? I use the simple line txtArticle.Text = datareader("Article") in my code to populate it.

    TIA.
    Server Error in '/' Application.
    --------------------------------------------------------------------------------

    A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").
    Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

    Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").

    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:

    [HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").]
    System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +230
    System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +99
    System.Web.HttpRequest.get_Form() +121
    System.Web.UI.Page.GetCollectionBasedOnMethod() +70
    System.Web.UI.Page.DeterminePostBackMode() +47
    System.Web.UI.Page.ProcessRequestMain() +2106
    System.Web.UI.Page.ProcessRequest() +218
    System.Web.UI.Page.ProcessRequest(HttpContext context) +18
    System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute() +179
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87



    --------------------------------------------------------------------------------
    Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET Version:1.1.4322.573
    The Eeediot, Sep 27, 2004
    #1
    1. Advertising

  2. Hi,

    Well, I guess you should read the error description more carefully. It says:

    Description: Request Validation has detected a potentially dangerous client
    input value, and processing of the request has been aborted. This value may
    indicate an attempt to compromise the security of your application, such as
    a cross-site scripting attack. You can disable request validation by setting
    validateRequest=false in the Page directive or in the configuration section.
    However, it is strongly recommended that your application explicitly check
    all inputs in this case.

    And now once again only the workaround:

    You can disable request validation by setting validateRequest=false in the
    Page directive or in the configuration section

    I advise you to disable it at page level. The so-called Page directive is
    the first row of each page starting with <%@ Page

    Greetings
    Martin
    "The Eeediot" <> wrote in message
    news:...
    Hello, Folks...

    I'm almost becoming a regular to this newsgroup.

    I am trying to display the contents of an MS-SQL Text field to a TextBox in
    ASPdotNET. The text in this field contains all sorts of characters
    including cheverons (i.e. ">" and "<") and occasionally I get the following
    error condition (listed below). Is there anything I can do to avoid it? I
    use the simple line txtArticle.Text = datareader("Article") in my code to
    populate it.

    TIA.
    Server Error in '/' Application.
    ----------------------------------------------------------------------------
    ----

    A potentially dangerous Request.Form value was detected from the client
    (txtArticle="... then use <F8> to get boot men...").
    Description: Request Validation has detected a potentially dangerous client
    input value, and processing of the request has been aborted. This value may
    indicate an attempt to compromise the security of your application, such as
    a cross-site scripting attack. You can disable request validation by setting
    validateRequest=false in the Page directive or in the configuration section.
    However, it is strongly recommended that your application explicitly check
    all inputs in this case.

    Exception Details: System.Web.HttpRequestValidationException: A potentially
    dangerous Request.Form value was detected from the client (txtArticle="...
    then use <F8> to get boot men...").

    Source Error:

    An unhandled exception was generated during the execution of the
    current web request. Information regarding the origin and location of the
    exception can be identified using the exception stack trace below.

    Stack Trace:

    [HttpRequestValidationException (0x80004005): A potentially dangerous
    Request.Form value was detected from the client (txtArticle="... then use
    <F8> to get boot men...").]
    System.Web.HttpRequest.ValidateString(String s, String valueName, String
    collectionName) +230
    System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection
    nvc, String collectionName) +99
    System.Web.HttpRequest.get_Form() +121
    System.Web.UI.Page.GetCollectionBasedOnMethod() +70
    System.Web.UI.Page.DeterminePostBackMode() +47
    System.Web.UI.Page.ProcessRequestMain() +2106
    System.Web.UI.Page.ProcessRequest() +218
    System.Web.UI.Page.ProcessRequest(HttpContext context) +18

    System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionSte
    p.Execute() +179
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
    completedSynchronously) +87



    ----------------------------------------------------------------------------
    ----
    Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET
    Version:1.1.4322.573
    Martin Dechev, Sep 27, 2004
    #2
    1. Advertising

  3. The Eeediot

    Hermit Dave Guest

    @Page directive has an attribute called ValidateRequest. For the values to
    contain explict < > tags you will have to set it to false.
    For more information refer
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/cpconPage.asp

    Read this before you apply it
    http://msdn.microsoft.com/library/d...tingagainstscriptexploitsinwebapplication.asp

    --

    Regards,

    Hermit Dave
    (http://hdave.blogspot.com)
    "The Eeediot" <> wrote in message
    news:...
    Hello, Folks...

    I'm almost becoming a regular to this newsgroup.

    I am trying to display the contents of an MS-SQL Text field to a TextBox in
    ASPdotNET. The text in this field contains all sorts of characters
    including cheverons (i.e. ">" and "<") and occasionally I get the following
    error condition (listed below). Is there anything I can do to avoid it? I
    use the simple line txtArticle.Text = datareader("Article") in my code to
    populate it.

    TIA.
    Server Error in '/' Application.


    A potentially dangerous Request.Form value was detected from the client
    (txtArticle="... then use <F8> to get boot men...").
    Description: Request Validation has detected a potentially dangerous client
    input value, and processing of the request has been aborted. This value may
    indicate an attempt to compromise the security of your application, such as
    a cross-site scripting attack. You can disable request validation by setting
    validateRequest=false in the Page directive or in the configuration section.
    However, it is strongly recommended that your application explicitly check
    all inputs in this case.

    Exception Details: System.Web.HttpRequestValidationException: A potentially
    dangerous Request.Form value was detected from the client (txtArticle="...
    then use <F8> to get boot men...").

    Source Error:

    An unhandled exception was generated during the execution of the current web
    request. Information regarding the origin and location of the exception can
    be identified using the exception stack trace below.

    Stack Trace:

    [HttpRequestValidationException (0x80004005): A potentially dangerous
    Request.Form value was detected from the client (txtArticle="... then use
    <F8> to get boot men...").]
    System.Web.HttpRequest.ValidateString(String s, String valueName, String
    collectionName) +230
    System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection
    nvc, String collectionName) +99
    System.Web.HttpRequest.get_Form() +121
    System.Web.UI.Page.GetCollectionBasedOnMethod() +70
    System.Web.UI.Page.DeterminePostBackMode() +47
    System.Web.UI.Page.ProcessRequestMain() +2106
    System.Web.UI.Page.ProcessRequest() +218
    System.Web.UI.Page.ProcessRequest(HttpContext context) +18
    System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
    +179
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
    completedSynchronously) +87





    Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET
    Version:1.1.4322.573
    Hermit Dave, Sep 27, 2004
    #3
  4. Hi,

    Try using HttpUtility.HtmlEncode() . To get more info check this out;


    http://msdn.microsoft.com/library/d...SystemWebHttpUtilityClassHtmlEncodeTopic2.asp

    Hope this helps,

    Ethem

    "The Eeediot" wrote:

    > Hello, Folks...
    >
    > I'm almost becoming a regular to this newsgroup.
    >
    > I am trying to display the contents of an MS-SQL Text field to a TextBox in ASPdotNET. The text in this field contains all sorts of characters including cheverons (i.e. ">" and "<") and occasionally I get the following error condition (listed below). Is there anything I can do to avoid it? I use the simple line txtArticle.Text = datareader("Article") in my code to populate it.
    >
    > TIA.
    > Server Error in '/' Application.
    > --------------------------------------------------------------------------------
    >
    > A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").
    > Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.
    >
    > Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").
    >
    > Source Error:
    >
    > An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
    >
    > Stack Trace:
    >
    > [HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").]
    > System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +230
    > System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +99
    > System.Web.HttpRequest.get_Form() +121
    > System.Web.UI.Page.GetCollectionBasedOnMethod() +70
    > System.Web.UI.Page.DeterminePostBackMode() +47
    > System.Web.UI.Page.ProcessRequestMain() +2106
    > System.Web.UI.Page.ProcessRequest() +218
    > System.Web.UI.Page.ProcessRequest(HttpContext context) +18
    > System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute() +179
    > System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87
    >
    >
    >
    > --------------------------------------------------------------------------------
    > Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET Version:1.1.4322
    =?Utf-8?B?RXRoZW0gQXp1bg==?=, Sep 27, 2004
    #4
  5. The Eeediot

    Karl Seguin Guest

    You have to disable the validateRequest via either the:
    Page directive:
    <%@ Page ... validateRequest="false" %>

    or the web.config:
    <system.web>
    <pages validateRequest="false" />
    </system.web>


    karl

    --
    MY ASP.Net tutorials
    http://www.openmymind.net/


    "The Eeediot" <> wrote in message news:...
    Hello, Folks...

    I'm almost becoming a regular to this newsgroup.

    I am trying to display the contents of an MS-SQL Text field to a TextBox in ASPdotNET. The text in this field contains all sorts of characters including cheverons (i.e. ">" and "<") and occasionally I get the following error condition (listed below). Is there anything I can do to avoid it? I use the simple line txtArticle.Text = datareader("Article") in my code to populate it.

    TIA.
    Server Error in '/' Application.
    ------------------------------------------------------------------------------

    A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").
    Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

    Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").

    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:

    [HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").]
    System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +230
    System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +99
    System.Web.HttpRequest.get_Form() +121
    System.Web.UI.Page.GetCollectionBasedOnMethod() +70
    System.Web.UI.Page.DeterminePostBackMode() +47
    System.Web.UI.Page.ProcessRequestMain() +2106
    System.Web.UI.Page.ProcessRequest() +218
    System.Web.UI.Page.ProcessRequest(HttpContext context) +18
    System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute() +179
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87



    ------------------------------------------------------------------------------
    Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET Version:1.1.4322.573
    Karl Seguin, Sep 27, 2004
    #5
  6. Use Server.HTMLEncode before displaying the information. This will
    encode the string so that it will display properly in HTML.

    A note on the error: The validation request exception is raised to
    prevent cross-site scripting from being exploited. ASP.Net checks for
    possible script tags and other information being submitted to the
    browser via input. This can be disabled in cases where you want to
    submit script values (such as a WYSIWYG editor) by setting the
    ValidateRequest page directive to false, <@% Page
    validateRequest="false" %>, but this is not recommended.

    Joel Cade, MCSD .Net, MCAD, MCP
    Fig Tree Solutions, LLC
    http://www.figtreesolutions.com

    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
    Joel Cade, MCSD, Sep 27, 2004
    #6
  7. The Eeediot

    The Eeediot Guest

    Hehehe.

    I did choose the name aptly.


    "Martin Dechev" <> wrote in message
    news:...
    > Hi,
    >
    > Well, I guess you should read the error description more carefully. It

    says:
    >
    > Description: Request Validation has detected a potentially dangerous

    client
    > input value, and processing of the request has been aborted. This value

    may
    > indicate an attempt to compromise the security of your application, such

    as
    > a cross-site scripting attack. You can disable request validation by

    setting
    > validateRequest=false in the Page directive or in the configuration

    section.
    > However, it is strongly recommended that your application explicitly check
    > all inputs in this case.
    >
    > And now once again only the workaround:
    >
    > You can disable request validation by setting validateRequest=false in the
    > Page directive or in the configuration section
    >
    > I advise you to disable it at page level. The so-called Page directive is
    > the first row of each page starting with <%@ Page
    >
    > Greetings
    > Martin
    > "The Eeediot" <> wrote in message
    > news:...
    > Hello, Folks...
    >
    > I'm almost becoming a regular to this newsgroup.
    >
    > I am trying to display the contents of an MS-SQL Text field to a TextBox

    in
    > ASPdotNET. The text in this field contains all sorts of characters
    > including cheverons (i.e. ">" and "<") and occasionally I get the

    following
    > error condition (listed below). Is there anything I can do to avoid it?

    I
    > use the simple line txtArticle.Text = datareader("Article") in my code to
    > populate it.
    >
    > TIA.
    > Server Error in '/' Application.
    > --------------------------------------------------------------------------

    --
    > ----
    >
    > A potentially dangerous Request.Form value was detected from the client
    > (txtArticle="... then use <F8> to get boot men...").
    > Description: Request Validation has detected a potentially dangerous

    client
    > input value, and processing of the request has been aborted. This value

    may
    > indicate an attempt to compromise the security of your application, such

    as
    > a cross-site scripting attack. You can disable request validation by

    setting
    > validateRequest=false in the Page directive or in the configuration

    section.
    > However, it is strongly recommended that your application explicitly check
    > all inputs in this case.
    >
    > Exception Details: System.Web.HttpRequestValidationException: A

    potentially
    > dangerous Request.Form value was detected from the client (txtArticle="...
    > then use <F8> to get boot men...").
    >
    > Source Error:
    >
    > An unhandled exception was generated during the execution of the
    > current web request. Information regarding the origin and location of the
    > exception can be identified using the exception stack trace below.
    >
    > Stack Trace:
    >
    > [HttpRequestValidationException (0x80004005): A potentially dangerous
    > Request.Form value was detected from the client (txtArticle="... then use
    > <F8> to get boot men...").]
    > System.Web.HttpRequest.ValidateString(String s, String valueName,

    String
    > collectionName) +230
    > System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection
    > nvc, String collectionName) +99
    > System.Web.HttpRequest.get_Form() +121
    > System.Web.UI.Page.GetCollectionBasedOnMethod() +70
    > System.Web.UI.Page.DeterminePostBackMode() +47
    > System.Web.UI.Page.ProcessRequestMain() +2106
    > System.Web.UI.Page.ProcessRequest() +218
    > System.Web.UI.Page.ProcessRequest(HttpContext context) +18
    >
    >

    System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionSte
    > p.Execute() +179
    > System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
    > completedSynchronously) +87
    >
    >
    >
    > --------------------------------------------------------------------------

    --
    > ----
    > Version Information: Microsoft .NET Framework Version:1.1.4322.573;

    ASP.NET
    > Version:1.1.4322.573
    >
    >
    The Eeediot, Sep 27, 2004
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mike Bridge
    Replies:
    2
    Views:
    4,693
    Mike Bridge
    Feb 20, 2004
  2. Replies:
    3
    Views:
    746
    George Ter-Saakov
    Feb 23, 2007
  3. Replies:
    0
    Views:
    257
  4. agb

    writing two textbox's text in one textbox

    agb, Aug 26, 2003, in forum: ASP .Net Web Controls
    Replies:
    1
    Views:
    167
    Ken Cox [Microsoft MVP]
    Aug 27, 2003
  5. ErwinP
    Replies:
    1
    Views:
    735
    ErwinP
    Aug 19, 2005
Loading...

Share This Page