stackoom
  简体   繁体   中英

A potentially dangerous Request.Form value was detected from the client

 原文  2015-03-25 05:25:27       c#/ asp.net/ webforms

Question

Webform1.aspx has grid.Grid contain edit button. On click of edit button, user is redirected to webform2.aspx page. A Querystring id is passed to Webform2.aspx . Webform2.aspx shows all data of that id. Webform contain dropdownlist, textboxes and button etc.

I am fetching record from database and assigning to control like dropdownlist, textbox and button. When assigning value to textbox that contain < or > and trying to update the record. It throws an exception. Exception is A potentially dangerous Request.Form value was detected from the client . So I tried to use htmlencode method.

Below is my code In cs file 

 public partial class Webform1 : System.Web.UI.Page
    {
     string strUrl="";
    protected void Page_Load(object sender, EventArgs e)
    {

    // Fetching value from database and assigning to string   
    Textbox1.Text= dr["URL"].ToString();
    // directly use string 
   //strUrl= dr["URL"].ToString();
    }

    protected void button_Click(object sender, EventArgs e)  
    {
    string s2 ="";  
    string s3 = "";             
    strUrl= Textbox1.Text;                   
         if ((strUrl.Contains("<")) || (strUrl.Contains(">")))
         {
           s2 = Server.HtmlEncode("<");
           s3 = Server.HtmlEncode(">");
           strUrl= strPingUrl.Replace("<", s2);
           strUrl= strPingUrl.Replace(">", s3);                                    
       }
     Textbox1.Text =strUrl; 
    // updation code

When I will try to insert it throws exception.Instead of assigning value to textbox if i use string.It is working. I am able to update the record. But I don't want like this. User can change the value in textbox. So I want to take value from textbox.

1 answers

solution1
 -2  2015-03-25 05:40:28

To disable request validation on a page you must set the validateRequest attribute of the Page directive to false: 

<%@ Page validateRequest="false" %>

To disable request validation for your application, you must modify or create a Web.config file for your application and set the validateRequest attribute of the section to false: 

<configuration>
   <system.web>
      <pages validateRequest="false" />
   </system.web>
</configuration>

If you wish to disable request validation for all applications on your server, you can make this modification to your Machine.config file.

In .NET 4 you may need to add to web.config: 

 <httpRuntime requestValidationMode="2.0" />

Details:

  1. http://www.asp.net/whitepapers/request-validation
  2. http://www.asp.net/whitepapers/aspnet4/breaking-changes#0.1__Toc245724857

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question A potentially dangerous Request.Form value was detected from the client A potentially dangerous Request.Form value was detected from the client ASPMVC - A potentially dangerous Request.Form value was detected from the client A potentially dangerous Request.Form value was detected from the client A potentially dangerous Request.Form value was detected from the client A potentially dangerous Request.Form value was detected from the client Exception A potentially dangerous Request.Form value was detected from the client A potentially dangerous Request.Form value was detected from the client XXX Potentially dangerous Request.Form value was detected System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client from a bot?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM