validateRequest="false" not working in web.config or page directive

Discussion in 'ASP .Net' started by Tim Zych, May 16, 2004.

  1. Tim Zych

    Tim Zych Guest

    I'm trying to stop .Net from validating data entered into a textbox. When I
    enter < or > .Net returns an error:

    potentially dangerous Request.Form value was detected from the client...

    so a search on google indicates a couple of options:

    1. Add validateRequest = "false" in the page directive. So I add it:

    <%@ Page Language="vb" AutoEventWireup="false" Codebehind="addcode.aspx.vb"
    Inherits="codelib.addcode" validateRequest="false"%>

    but I get the error:

    The 'validateRequest' attribute is not supported by the 'page' directive.

    2. or add <pages validateRequest="false" /> in system.web of the web.config
    file:

    but when I do that I get the error:

    Parser Error Message: Unrecognized attribute 'validateRequest'.

    I guess I cannot use either of these with .Net 2002, which I have. Is there
    any way around the first error caused by entering "malicious" code?
    Tim Zych, May 16, 2004
    #1
    1. Advertising

  2. Tim,

    This functionality was introduced in version 1.1 of the .NET framework. See
    http://msdn.microsoft.com/library/en-us/dnaspp/html/scriptingprotection.asp
    for a way to add similar functionality to a version 1.0 application.

    HTH,
    Nicole



    "Tim Zych" <tzych@earth_noworms_link_dotttt.net> wrote in message
    news:...
    > I'm trying to stop .Net from validating data entered into a textbox. When
    > I
    > enter < or > .Net returns an error:
    >
    > potentially dangerous Request.Form value was detected from the client...
    >
    > so a search on google indicates a couple of options:
    >
    > 1. Add validateRequest = "false" in the page directive. So I add it:
    >
    > <%@ Page Language="vb" AutoEventWireup="false"
    > Codebehind="addcode.aspx.vb"
    > Inherits="codelib.addcode" validateRequest="false"%>
    >
    > but I get the error:
    >
    > The 'validateRequest' attribute is not supported by the 'page' directive.
    >
    > 2. or add <pages validateRequest="false" /> in system.web of the
    > web.config
    > file:
    >
    > but when I do that I get the error:
    >
    > Parser Error Message: Unrecognized attribute 'validateRequest'.
    >
    > I guess I cannot use either of these with .Net 2002, which I have. Is
    > there
    > any way around the first error caused by entering "malicious" code?
    >
    >
    >
    >
    >
    >
    >
    Nicole Calinoiu, May 16, 2004
    #2
    1. Advertising

  3. Tim Zych

    Tim Zych Guest

    Thanks for the article. It's over my head but it gives me some good insight.

    "Nicole Calinoiu" <> wrote in message
    news:#...
    > Tim,
    >
    > This functionality was introduced in version 1.1 of the .NET framework.

    See
    >

    http://msdn.microsoft.com/library/en-us/dnaspp/html/scriptingprotection.asp
    > for a way to add similar functionality to a version 1.0 application.
    >
    > HTH,
    > Nicole
    >
    >
    >
    > "Tim Zych" <tzych@earth_noworms_link_dotttt.net> wrote in message
    > news:...
    > > I'm trying to stop .Net from validating data entered into a textbox.

    When
    > > I
    > > enter < or > .Net returns an error:
    > >
    > > potentially dangerous Request.Form value was detected from the client...
    > >
    > > so a search on google indicates a couple of options:
    > >
    > > 1. Add validateRequest = "false" in the page directive. So I add it:
    > >
    > > <%@ Page Language="vb" AutoEventWireup="false"
    > > Codebehind="addcode.aspx.vb"
    > > Inherits="codelib.addcode" validateRequest="false"%>
    > >
    > > but I get the error:
    > >
    > > The 'validateRequest' attribute is not supported by the 'page'

    directive.
    > >
    > > 2. or add <pages validateRequest="false" /> in system.web of the
    > > web.config
    > > file:
    > >
    > > but when I do that I get the error:
    > >
    > > Parser Error Message: Unrecognized attribute 'validateRequest'.
    > >
    > > I guess I cannot use either of these with .Net 2002, which I have. Is
    > > there
    > > any way around the first error caused by entering "malicious" code?
    > >
    > >
    > >
    > >
    > >
    > >
    > >

    >
    >
    Tim Zych, May 16, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tascien

    validateRequest directive

    Tascien, Feb 17, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    339
    Tascien
    Feb 17, 2004
  2. Phil Winstanley [Microsoft MVP ASP.NET]

    Re: validateRequest=&quot;false&quot; not working in web.config or page directive

    Phil Winstanley [Microsoft MVP ASP.NET], May 16, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    640
    Phil Winstanley [Microsoft MVP ASP.NET]
    May 16, 2004
  3. \A_Michigan_User\
    Replies:
    2
    Views:
    885
    \A_Michigan_User\
    Aug 21, 2006
  4. Edwin Knoppert
    Replies:
    0
    Views:
    879
    Edwin Knoppert
    Oct 19, 2006
  5. Ken Sturgeon
    Replies:
    1
    Views:
    237
    Dominick Baier
    Jun 11, 2007
Loading...

Share This Page