Sunday, June 12, 2011

A potentially dangerous Request.Form value was detected from the client

Everytime a user posts something containing < or > in a page in webapp, you will get this exception thrown.
so for this issue you need to  Put

1. validateRequest="false" in your page directive or web.config file.

The .NET framework is throwing up an error because it detected something in the entered text which looks like an HTML statement. The text doesn't need to contain valid HTML, just anything with opening and closing angled brackets ("<...>").
The reason behind the error is as a security precaution. Developers need to be aware that users might try to inject HTML (or even a script) into a text box which may affect how the form is rendered. For further details see www.asp.net/learn/whitepapers/request-validation/.


In your web.config file

2. <httpRuntime requestValidationMode="2.0"/>
<configuration>
    <system.web>
        <pages validateRequest="false" />
    </system.web>
</configuration>
 
3.  
[Post, ValidateInput(false)]
public ActionResult Edit(string message) {
    ...
} 
4.
[AcceptVerbs(HttpVerbs.Get)]
[ValidateInput(false)]
public ActionResult List(string message)
{
}
If you are using MVC3.0 you can use [AllowHtml]
public class XMLModel
    {
        [AllowHtml]
        public string msg { get; set; }
    }
 
Thanks

No comments:

Post a Comment

Share your thoughts....