locked
code for avoiding potentially dangerous request error message RRS feed

  • Question

  • User442781244 posted

    Hi

    I need a sample application in asp.net.

    how to remove potentially dangerous request error message in that application.

    kindly help.

    Monday, April 1, 2013 1:46 AM

Answers

  • User1124521738 posted

    you'll get this warning if the server sees html markup in the input fields, and you'll need to turn off validation if you intend to handle that kind of data

    How To: Prevent Cross-Site Scripting in ASP.NET http://msdn.microsoft.com/en-us/library/ff649310.aspx

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, April 1, 2013 2:03 AM
  • User1534498098 posted

    Just set EnableEventValidation and ValidateRequest to FALSE in the .aspx page...like this.

    <%@ Page Title="" Language="C#" MasterPageFile="~/Master.Master" AutoEventWireup="true"
        CodeBehind="WebPage1.aspx.cs" Inherits="WebProject.WebPage1" EnableEventValidation="false"
        ValidateRequest="false" %>

    By setting this attributes to false....you are overriding page validation not the asp validators which works on the client side. So your validators will work just fine even you set  EnableEventValidation and ValidateRequest to FALSE

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, April 1, 2013 2:12 AM
  • User-782344923 posted

    love4asp.net

    how to remove potentially dangerous request error message in that application.

    Hi,

    To remove "Potential Dangerous Request" error in application, use following precautions.

    • Add ValidateRequest="false" in @Page tag.

    If you still got the same error. In .NET 4, we need to add requestValidationMode="2.0"  to the httpRuntime configuration section of the web.config as

    • <httpRuntime requestValidationMode="2.0"/>
    But if there is no httpRuntime section in the web.config file, then this goes inside the <system.web> section and add following as:
    • <pages validateRequest="false" />

    Let me know if any query remains.

    Cheers

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, April 1, 2013 2:13 AM

All replies

  • User44562928 posted

    Does your page have ValidateRequest=false at top of .aspx page ?

    Monday, April 1, 2013 1:59 AM
  • User1124521738 posted

    you'll get this warning if the server sees html markup in the input fields, and you'll need to turn off validation if you intend to handle that kind of data

    How To: Prevent Cross-Site Scripting in ASP.NET http://msdn.microsoft.com/en-us/library/ff649310.aspx

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, April 1, 2013 2:03 AM
  • User442781244 posted

    hi 

    if i will do validtionrequest = false. then what is the use of validation???

    then my ctrl present in a form will not be validated. Soplease explain.

    Monday, April 1, 2013 2:08 AM
  • User1124521738 posted

    validator controls will still run, it's the validation against cross site scripting that will no longer fire, if you plan to allow html content, it's a necessity to turn off.

    Monday, April 1, 2013 2:12 AM
  • User1534498098 posted

    Just set EnableEventValidation and ValidateRequest to FALSE in the .aspx page...like this.

    <%@ Page Title="" Language="C#" MasterPageFile="~/Master.Master" AutoEventWireup="true"
        CodeBehind="WebPage1.aspx.cs" Inherits="WebProject.WebPage1" EnableEventValidation="false"
        ValidateRequest="false" %>

    By setting this attributes to false....you are overriding page validation not the asp validators which works on the client side. So your validators will work just fine even you set  EnableEventValidation and ValidateRequest to FALSE

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, April 1, 2013 2:12 AM
  • User-782344923 posted

    love4asp.net

    how to remove potentially dangerous request error message in that application.

    Hi,

    To remove "Potential Dangerous Request" error in application, use following precautions.

    • Add ValidateRequest="false" in @Page tag.

    If you still got the same error. In .NET 4, we need to add requestValidationMode="2.0"  to the httpRuntime configuration section of the web.config as

    • <httpRuntime requestValidationMode="2.0"/>
    But if there is no httpRuntime section in the web.config file, then this goes inside the <system.web> section and add following as:
    • <pages validateRequest="false" />

    Let me know if any query remains.

    Cheers

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, April 1, 2013 2:13 AM