
Potentially dangerous Request.Form value was detected from the client (innerHTML)

I have a form that renders a table from hidden field values when document ready runs on this page.

The hidden field value that is filled in the code-behind on page load is:

<div 
    onclick="GetIcon(this)" style="cursor:pointer;" 
    URL=~\App_Images\Gallery\MapIcons\administrativeboundary.png >

    <img 
        src=../App_Images/Gallery/MapIcons/administrativeboundary.png 
        title="administrativeboundary"/>
</div>
#
<div 
    onclick="GetIcon(this)" 
    style="cursor:pointer;" 
    URL=~\App_Images\Gallery\MapIcons\administrativeboundary.png >

    <img src=../App_Images/Gallery/MapIcons/administrativeboundary.png 
        title="administrativeboundary"/>
</div>#

My page load functions are:

$(document).ready(function() {
    RendertblConstantsColumns('tbl_Gallery', 5, 'GColumn');
    RenderGalleryTable();
});

function RendertblConstantsColumns(tblid, ColumnNo, Columnid) {
    var tblConstants = document.getElementById(tblid);
    var tr = document.createElement('tr');
    tblConstants.appendChild(tr);
    for (var i = 0; i < ColumnNo; i++) {
        var td = document.createElement('td');
        td.setAttribute('style', 'text-align: right');
        td.setAttribute('id', Columnid + i.toString());
        tblConstants.appendChild(td);
    }
}

function RenderGalleryTable() {
    var Gallery = document.getElementById("<%=hdnGallery.ClientID%>");
    var Images = Gallery.value.split('#');

    for (var i = 0; i < Images.length - 1; i++) {
        var Mode = i % 5;
        var Column = document.getElementById('GColumn' + Mode.toString());
        Column.innerHTML += Images[i];
    }
}

I set ValidateRequest="false" and EnableEventValidation="false" on this page, but when the page runs, it shows this error message:

potentially dangerous request.form value was detected from the client

My stack trace is:

at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.get_Form()
   at System.Web.HttpRequest.get_Item(String key)
   at ASP.global_asax.Application_PreRequestHandlerExecute(Object sender, EventArgs e)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

EDIT: I fill the hidden field like this on the server:

string HTML = "";
HTML += "<div onclick=\"GetIcon(this)\" style=\"cursor:pointer;\"" + " URL=" + URL + " ><img " + "src=../App_Images/Gallery/MapIcons/" + ImageName + " " + "title=\"" + ImageName.Split('.')[0] + "\"" + "/></div>#";

hdnGallery.Value = HTML;

Usually the solution is to HTML encode the offending data which is being sent to the server.

Since the error occurs on run, try to identify the line of code triggering the error, probably from JavaScript.
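The encoding approach from the answer above, as an added example that is not part of the original post. `looksDangerous` is an approximation of the check ASP.NET request validation applies to form values; all function names and the sample field value are constructed for illustration. On the real page the encoding step would run in the code-behind that fills `hdnGallery`; it is written in JavaScript here so that both halves run together.

```javascript
// Approximation (assumption) of the request-validation check on form values:
// '<' followed by a letter, '!', '/' or '?', or the sequence "&#".
function looksDangerous(value) {
  return /<[a-zA-Z!\/?]|&#/.test(value);
}

// Encode markup characters before the value is placed in the hidden field.
// Only named entities are used: a numeric one such as &#39; contains "&#",
// which is flagged itself and would also break the page's split('#').
function encodeForField(html) {
  return html
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;');
}

// Reverse of encodeForField. '&amp;' is decoded last so that text which
// originally read "&lt;" comes back as "&lt;" and not as "<".
function decodeFromField(text) {
  return text
    .replace(/&quot;/g, '"')
    .replace(/&gt;/g, '>')
    .replace(/&lt;/g, '<')
    .replace(/&amp;/g, '&');
}

// Constructed sample in the page's format: each entry is terminated by '#'.
const entry = '<div onclick="GetIcon(this)" style="cursor:pointer;">' +
  '<img src="../App_Images/Gallery/MapIcons/administrativeboundary.png" ' +
  'title="administrativeboundary"/></div>#';
const rawField = entry + entry;
const encodedField = encodeForField(rawField);

// What the gallery renderer would do with an encoded field: split on '#',
// then decode each entry. Only server-built markup should ever reach this
// path, because the decoded string is later assigned to innerHTML.
function entriesFromField(fieldValue) {
  return fieldValue.split('#').filter(Boolean).map(decodeFromField);
}

console.log('raw flagged:', looksDangerous(rawField));
console.log('encoded flagged:', looksDangerous(encodedField));
console.log(entriesFromField(encodedField));
```

With the field encoded, the posted form value no longer contains a `<` followed by a tag character, so validation can stay enabled for the page.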

Please make the required settings in the web.config file:

<system.web>
    <httpRuntime requestValidationMode="2.0" />
</system.web>
