
A potentially dangerous Request.Form value was detected from the client Exception

We have an internet site on 2 servers with a load balance server. The code is identical on both servers, but one of the servers shows the below exception every minute; the "$MainContent$ASPCONTROL" is changing each time.

A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$drpOwnerNationality="...lect'"()&%<acx><ScRiPt >prompt...").
   at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.get_HasForm()
   at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull)
   at System.Web.UI.Page.DeterminePostBackMode()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)_ApplicationError,

I think one of your controls (drpOwnerNationality) has script. ASP.NET does potential XSS validation of all your inputs on the form, so it is detecting script in one of your controls; that is what the exception states.

The problem could be that one of the users of your application is entering script in a Textbox/Control and you are not validating at your client end.

One way is to do validation at the client end and inform users that they cannot enter scripts in your control.

The other way is to turn off validation by setting the validateRequest attribute on the page to false:

<%@ Page validateRequest="false" %>

But if you do this then you have exposed your application to XSS attacks. One way could be to disable the validation and do encoding of all your input before processing that information:

`Server.HtmlEncode(drpOwnerNationality.SelectedValue);` // assuming it is a dropdown; HtmlEncode is an instance method reached through the page's Server property

The error occurs because you are trying to send pure HTML or other content which may contain unsecure elements.

1. You can disable request validation, just like in the following article.
2. Another option: you may convert your content to Base64 before sending it, using a 3rd party JavaScript library (try googling it).

There are several other options, but it depends on your case.

We detected huge hits from 2 IPs; after blocking them the problem was solved. It seems somebody was trying to post unsecure HTML.
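The thread ends with the exceptions being traced to two source IPs. As an added example (not code from any of the posts), this Global.asax handler keeps request validation on, counts rejected requests per client address so a noisy source stands out, and answers with 400 instead of an unhandled 500. `AlertThreshold`, the `Rejected` counter and the trace wording are assumptions.

```csharp
// Global.asax.cs (added example). AlertThreshold and the trace wording are assumptions.
using System;
using System.Collections.Concurrent;
using System.Diagnostics;
using System.Web;

public class Global : HttpApplication
{
    // Rejected-request count per client address, kept for the life of the worker process.
    private static readonly ConcurrentDictionary<string, int> Rejected =
        new ConcurrentDictionary<string, int>();

    private const int AlertThreshold = 20; // assumed value; tune to normal traffic

    protected void Application_Error(object sender, EventArgs e)
    {
        Exception ex = Server.GetLastError();

        // The validation failure can arrive directly or wrapped in an outer exception.
        var rv = ex as HttpRequestValidationException;
        if (rv == null && ex != null)
            rv = ex.InnerException as HttpRequestValidationException;
        if (rv == null)
            return; // not a request-validation failure: leave normal error handling alone

        // Behind a load balancer this may be the balancer's address; in that case
        // correlate the timestamp with the balancer's own access log.
        string ip = Request.UserHostAddress ?? "unknown";
        int count = Rejected.AddOrUpdate(ip, 1, (key, n) => n + 1);

        // rv.Message names the control and carries only the truncated value.
        Trace.TraceWarning("Request validation rejected input from {0} (#{1}): {2}",
                           ip, count, rv.Message);
        if (count == AlertThreshold)
            Trace.TraceError("{0} reached {1} rejected requests; candidate for blocking",
                             ip, AlertThreshold);

        // Answer with 400 instead of the generic 500 error page.
        Server.ClearError();
        Response.Clear();
        Response.StatusCode = 400;
        Response.TrySkipIisCustomErrors = true;
        CompleteRequest();
    }
}
```

The counter is per worker process, so on a two-server farm each node reports its own totals.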
