Request Validation

V

Victor

Hi guys
I have a question regarding to how to do the request validation on user's
input. We all know in asp.net. when user input something like <a>blah
blah</a> by default, It will throw a HttpRequestValidationException say "A
potentially dangerous Request.Form value was detected from the client ". And
This validation can be turned off in the page.

Now, I am quite annoy about all these exceptions cause by someone want to
post some kinds of the ads on my website. And I really do not to disable the
page request validation. The best the result for me will be I can do
something about it before it reach the request validation event, like check
the user input myself then redirect to some other pages. if user continue
doing that, the system will automatically lock user's account, and send to
an email to admin.

Is there anyway I can achieve this? Or do you have better ideas? Any help
will be appreciate?
Thanks a lot
Cheers
Victor
 
W

Walter Wang [MSFT]

Hi Victor,

I agree with Steve here, with the Anti-Cross Site Scripting Library and
turning off "validateRequest", you should be able to accept any input
without vulnerable to marlicious script:

Literal1.Text =
"Hello " + Microsoft.Security.Application.AntiXss.HtmlEncode(TextBox1.Text)
+ "! Welcome to the examples!";

Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
 
V

Victor

Hi Steve and Walter:
Thanks for your help. This is really a good clue for me to solve my problem.
I am still doing research on the AntiXss class. Hopefully, I can start use
that soon..
cheers thans again for the help.

Victor
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How can I remove the specific error message after regex validation is done? 1
My http request is working but not doing it correctly 0
Request Validation with WSS Cookies 0
Clear Error Message Upon New Input on Form? 1
Xml web control and request validation error 1
Problem in Accepting Xml Data in TextBox 3
Doing post - the second time throws an exception 1
potentially dangerous Request.Form value was detected 2

Members online

No members online now.
Total: 23 (members: 0, guests: 23)
Robots: 456

Forum statistics

Threads
473,769
Messages
2,569,580
Members
45,055
Latest member
SlimSparkKetoACVReview

Latest Threads

Top