Doing post - the second time throws an exception

Mr. X.

Hello.
I am using VS 2008 for an ASP.NET application.

After pressing the button once, everything is OK,
but when pressing the button twice, I got an exception:
----------------------------------------------------------------
A potentially dangerous Request.Form value was detected from the client
(main_text="<div dir="rtl" align...").
Description: Request Validation has detected a potentially dangerous client
input value, and processing of the request has been aborted. This value may
indicate an attempt to compromise the security of your application, such as
a cross-site scripting attack. You can disable request validation by setting
validateRequest=false in the Page directive or in the configuration section.
However, it is strongly recommended that your application explicitly check
all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially
dangerous Request.Form value was detected from the client (main_text="<div
dir="rtl" align...").

Source Error:


The source code that generated this unhandled exception can only be
shown when compiled in debug mode. To enable this, please follow one of the
below steps, then request the URL:

1. Add a "Debug=true" directive at the top of the file that generated
the error. Example:

<%@ Page Language="C#" Debug="true" %>

or:

2) Add the following section to the configuration file of your
application:

<configuration>
<system.web>
<compilation debug="true"/>
</system.web>
</configuration>

Note that this second technique will cause all files within a given
application to be compiled in debug mode. The first technique will cause
only that particular file to be compiled in debug mode.

Important: Running applications in debug mode does incur a
memory/performance overhead. You should make sure that an application has
debugging disabled before deploying into production scenario.


Stack Trace:


[HttpRequestValidationException (0x80004005): A potentially dangerous
Request.Form value was detected from the client (main_text="<div dir="rtl"
align...").]
System.Web.HttpRequest.ValidateString(String s, String valueName, String
collectionName) +3307682
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection
nvc, String collectionName) +108
System.Web.HttpRequest.get_Form() +119
System.Web.HttpRequest.get_HasForm() +3309630
System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +45
System.Web.UI.Page.DeterminePostBackMode() +65
System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +7350
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint,
Boolean includeStagesAfterAsyncPoint) +213
System.Web.UI.Page.ProcessRequest() +86
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.default_aspx.ProcessRequest(HttpContext context) +29
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
+358
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +64



The aspx code is:
==============
<%@ Page Language="vb" AutoEventWireup="false" CodeBehind="Default.aspx.vb"
    Inherits="WebApplication3._Default" %>

<%@ Register assembly="FreeTextBox" namespace="FreeTextBoxControls"
    tagprefix="FTB" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Untitled Page</title>
</head>
<body>
    <form id="form1" runat="server">
        <div align="right" dir="rtl" style="height: 420px">
            <FTB:FreeTextBox ID="main_text" height = "300px" runat="server">
            </FTB:FreeTextBox>
        </div>
        <div align="right" dir="rtl">
            <asp:Button ID="btn_tst" runat="server" Text="test" Width="60px" />
        </div>
    </form>
</body>
</html>

The code behind is:
================
Partial Public Class _Default
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) _
        Handles Me.Load
    End Sub

    ' Runs on every click of the "test" button.
    Protected Sub btn_tst_Click(ByVal sender As Object, ByVal e As EventArgs) _
        Handles btn_tst.Click
        Dim s As String
        s = main_text.Text
        ' Wrap the editor content in a right-to-left <div> unless it already is.
        If InStr(s, "<div align='right' dir = 'rtl'><br>") = 0 Then
            main_text.Text = "<div align='right' dir = 'rtl'><br>" + _
                main_text.Text + "</div>"
        End If
    End Sub
End Class

****************************

What may be the problem of the exception above?

Thanks :)
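
The second post carries the `<div ...>` markup that the first click wrote into the editor, and request validation rejects it before btn_tst_Click runs. One way to follow the advice in the error text (switch validation off for this one page, then check the input explicitly), as an added example that is not part of the original post. It assumes ValidateRequest="false" is set in the @ Page directive of Default.aspx; the allowlist and the names AllowedTags, TagPattern, AttrPattern and IsAcceptableHtml are hypothetical.

```vb
Imports System.Text.RegularExpressions

' Added example, not the poster's code. Assumes ValidateRequest="false" in the
' @ Page directive of Default.aspx, so this check is the only gate on the HTML.
Partial Public Class _Default
    Inherits System.Web.UI.Page

    ' Hypothetical allowlist of formatting tags the editor may submit.
    Private Shared ReadOnly AllowedTags As String() = _
        {"div", "p", "br", "b", "i", "u", "strong", "em", "ul", "ol", "li"}

    ' One complete tag: optional "/", tag name, attribute text, ">".
    Private Shared ReadOnly TagPattern As New Regex( _
        "<(/?)([a-z][a-z0-9]*)([^<>]*)>", RegexOptions.IgnoreCase)

    ' Attribute text may hold only dir/align with plain alphabetic values.
    Private Shared ReadOnly AttrPattern As New Regex( _
        "^(?:\s+(?:dir|align)\s*=\s*(?:""[a-z]*""|'[a-z]*'|[a-z]+))*\s*/?$", _
        RegexOptions.IgnoreCase)

    Private Shared Function IsAcceptableHtml(ByVal html As String) As Boolean
        If String.IsNullOrEmpty(html) Then Return True
        For Each m As Match In TagPattern.Matches(html)
            Dim tagName As String = m.Groups(2).Value.ToLowerInvariant()
            If Array.IndexOf(AllowedTags, tagName) < 0 Then Return False
            If Not AttrPattern.IsMatch(m.Groups(3).Value) Then Return False
        Next
        ' A bracket left over after removing well-formed tags means an
        ' unterminated tag, a comment or a declaration: reject it.
        Dim rest As String = TagPattern.Replace(html, String.Empty)
        Return rest.IndexOfAny(New Char() {"<"c, ">"c}) < 0
    End Function

    Protected Sub btn_tst_Click(ByVal sender As Object, ByVal e As EventArgs) _
        Handles btn_tst.Click
        Dim s As String = main_text.Text
        If Not IsAcceptableHtml(s) Then
            main_text.Text = String.Empty   ' refuse; do not try to repair it
            Return
        End If
        If InStr(s, "<div align='right' dir = 'rtl'><br>") = 0 Then
            main_text.Text = "<div align='right' dir = 'rtl'><br>" + s + "</div>"
        End If
    End Sub
End Class
```

With validation off, any other place that shows this text as plain text should pass it through HttpUtility.HtmlEncode. On .NET 4 and later the page-level setting is honoured only when web.config also sets requestValidationMode="2.0" on httpRuntime.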
 
