A potentially dangerous Request.QueryString value was detected from the client

Discussion in 'ASP .Net' started by Hardy Wang, Jan 4, 2005.

  1. Hardy Wang

    Hardy Wang Guest

    Hi, I put the following value in my query string, then I got this error

    I am wondering what is wrong with this value? I really cannot understand.
    Hardy Wang, Jan 4, 2005
  2. Hardy Wang

    Patrice Guest

    Looks like it would be either * or = that is filtered as malicious...

    Try with those chars...

    Patrice, Jan 4, 2005
  3. Nicole Calinoiu, Jan 4, 2005
  4. Hardy Wang

    Hardy Wang Guest

    Not really, if I put
    Then everything is fine. This value also contains * and ==.
    Hardy Wang, Jan 4, 2005
  5. Hardy Wang

    Hardy Wang Guest

    Thanks, based on your post in that thread, "on=" will cause a problem, but in
    my value I only have "oN" then followed by some other strings.

    BTW, I cannot find System.Web.CrossSiteScriptingValidation class.
    Hardy Wang, Jan 4, 2005
  6. Hardy,

    It's not just "on=" that causes the problem. Mike Kozlowski posted regular
    expressions for the problem patterns in the earlier thread. If you would
    prefer to examine the code yourself, System.Web.CrossSiteScriptingValidation
    is in System.Web.dll. Its visibility is set to internal, so you might need
    to adjust your Reflector settings to see it.

    Nicole Calinoiu, Jan 4, 2005
  7. Hardy Wang

    vMike Guest

    You can turn off the validation, but you need to make sure your code can
    handle malicious encoding. To turn it off
    put validaterequest=false in the @page directive. You may want to
    research it a bit first.
    vMike, Jan 4, 2005
  8. Hardy Wang


    error is nothing to do with query string


    see this

    <%@ Page validateRequest="false" %>

    Caution: When request validation is disabled, content can be submitted to a page; it is the responsibility of the page developer to ensure that content is properly encoded or processed.
    Disabling request validation for your application

    To disable request validation for your application, you must modify or create a Web.config file for your application and set the validateRequest attribute of the <pages /> section to false:

    <configuration>
      <system.web>
        <pages validateRequest="false" />
      </system.web>
    </configuration>
    jinusa2007, Apr 23, 2011
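
The caution quoted above leaves validation and encoding to the page once `validateRequest="false"` is set; the following is an added example of doing both in code-behind, not code from any poster in this thread. The page class `TokenPage`, the label `lblToken`, the query-string key `value` and the allowed character set are all assumptions chosen for illustration.

```csharp
// Added example (not from the thread). Assumes a page declared with
// <%@ Page validateRequest="false" Inherits="TokenPage" %> that contains
// <asp:Label id="lblToken" runat="server" />.
using System;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public class TokenPage : Page
{
    protected Label lblToken;

    // Allow-list for the expected value: letters, digits and a few symbols
    // such as * and =, 1 to 512 characters. \A and \z anchor the whole
    // string, so a trailing newline or appended markup cannot slip through.
    // The character set is an assumption; tighten it to your real format.
    private static readonly Regex AllowedToken =
        new Regex(@"\A[A-Za-z0-9*=_-]{1,512}\z", RegexOptions.CultureInvariant);

    // Returns the value unchanged when it matches the allow-list, else null.
    internal static string ValidateToken(string raw)
    {
        if (raw == null) return null;
        return AllowedToken.IsMatch(raw) ? raw : null;
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        string token = ValidateToken(Request.QueryString["value"]);
        if (token == null)
        {
            // Reject instead of trying to repair unexpected input.
            Response.StatusCode = 400;
            lblToken.Text = "Invalid value.";
            return;
        }

        // Label.Text is written to the response as-is, so encode for the
        // HTML context even though the allow-list already excludes < and >.
        lblToken.Text = HttpUtility.HtmlEncode(token);
    }
}
```

On ASP.NET 4.0 and later, the page-level and Web.config `validateRequest` settings are only honored when `<httpRuntime requestValidationMode="2.0" />` is also set in Web.config.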
