validateRequest="false" not working in web.config or page directive

Discussion in 'ASP .Net' started by Tim Zych, May 16, 2004.

  1. Tim Zych

    Tim Zych Guest

    I'm trying to stop .Net from validating data entered into a textbox. When I
    enter < or > .Net returns an error:

    potentially dangerous Request.Form value was detected from the client...

    so a search on google indicates a couple of options:

    1. Add validateRequest = "false" in the page directive. So I add it:

    <%@ Page Language="vb" AutoEventWireup="false" Codebehind="addcode.aspx.vb"
    Inherits="codelib.addcode" validateRequest="false"%>

    but I get the error:

    The 'validateRequest' attribute is not supported by the 'page' directive.

    2. or add <pages validateRequest="false" /> in system.web of the web.config
    file:

    but when I do that I get the error:

    Parser Error Message: Unrecognized attribute 'validateRequest'.

    I guess I cannot use either of these with .Net 2002, which I have. Is there
    any way around the first error caused by entering "malicious" code?
     
    Tim Zych, May 16, 2004
    #1
    1. Advertisements

  2. Tim,

    This functionality was introduced in version 1.1 of the .NET framework. See
    http://msdn.microsoft.com/library/en-us/dnaspp/html/scriptingprotection.asp
    for a way to add similar functionality to a version 1.0 application.

    HTH,
    Nicole



    "Tim Zych" <tzych@earth_noworms_link_dotttt.net> wrote in message
    news:...
    > I'm trying to stop .Net from validating data entered into a textbox. When
    > I
    > enter < or > .Net returns an error:
    >
    > potentially dangerous Request.Form value was detected from the client...
    >
    > so a search on google indicates a couple of options:
    >
    > 1. Add validateRequest = "false" in the page directive. So I add it:
    >
    > <%@ Page Language="vb" AutoEventWireup="false"
    > Codebehind="addcode.aspx.vb"
    > Inherits="codelib.addcode" validateRequest="false"%>
    >
    > but I get the error:
    >
    > The 'validateRequest' attribute is not supported by the 'page' directive.
    >
    > 2. or add <pages validateRequest="false" /> in system.web of the
    > web.config
    > file:
    >
    > but when I do that I get the error:
    >
    > Parser Error Message: Unrecognized attribute 'validateRequest'.
    >
    > I guess I cannot use either of these with .Net 2002, which I have. Is
    > there
    > any way around the first error caused by entering "malicious" code?
    >
    >
    >
    >
    >
    >
    >
     
    Nicole Calinoiu, May 16, 2004
    #2
    1. Advertisements

  3. Tim Zych

    Tim Zych Guest

    Thanks for the article. It's over my head but it gives me some good insight.

    "Nicole Calinoiu" <> wrote in message
    news:#...
    > Tim,
    >
    > This functionality was introduced in version 1.1 of the .NET framework.

    See
    >

    http://msdn.microsoft.com/library/en-us/dnaspp/html/scriptingprotection.asp
    > for a way to add similar functionality to a version 1.0 application.
    >
    > HTH,
    > Nicole
    >
    >
    >
    > "Tim Zych" <tzych@earth_noworms_link_dotttt.net> wrote in message
    > news:...
    > > I'm trying to stop .Net from validating data entered into a textbox.

    When
    > > I
    > > enter < or > .Net returns an error:
    > >
    > > potentially dangerous Request.Form value was detected from the client...
    > >
    > > so a search on google indicates a couple of options:
    > >
    > > 1. Add validateRequest = "false" in the page directive. So I add it:
    > >
    > > <%@ Page Language="vb" AutoEventWireup="false"
    > > Codebehind="addcode.aspx.vb"
    > > Inherits="codelib.addcode" validateRequest="false"%>
    > >
    > > but I get the error:
    > >
    > > The 'validateRequest' attribute is not supported by the 'page'

    directive.
    > >
    > > 2. or add <pages validateRequest="false" /> in system.web of the
    > > web.config
    > > file:
    > >
    > > but when I do that I get the error:
    > >
    > > Parser Error Message: Unrecognized attribute 'validateRequest'.
    > >
    > > I guess I cannot use either of these with .Net 2002, which I have. Is
    > > there
    > > any way around the first error caused by entering "malicious" code?
    > >
    > >
    > >
    > >
    > >
    > >
    > >

    >
    >
     
    Tim Zych, May 16, 2004
    #3
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Martin Colmenares

    ValidateRequest="false" error

    Martin Colmenares, Jun 27, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    1,177
    Martin Colmenares
    Jun 27, 2003
  2. Tascien

    validateRequest directive

    Tascien, Feb 17, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    434
    Tascien
    Feb 17, 2004
  3. \A_Michigan_User\
    Replies:
    2
    Views:
    1,113
    \A_Michigan_User\
    Aug 21, 2006
  4. André
    Replies:
    3
    Views:
    1,973
  5. \A_Michigan_User\

    ValidateRequest=False HtmlEncode and The Best Method

    \A_Michigan_User\, Sep 5, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    1,312
    aamirghanchi
    Apr 1, 2010
  6. Edwin Knoppert
    Replies:
    0
    Views:
    1,081
    Edwin Knoppert
    Oct 19, 2006
  7. Replies:
    0
    Views:
    437
  8. Ken Sturgeon
    Replies:
    1
    Views:
    383
    Dominick Baier
    Jun 11, 2007
Loading...