locked
Request.Unvalidated Still triggering error for ckeditor input RRS feed

  • Question

  • User325035487 posted
    A potentially dangerous Request.Form value was detected from the client (description="<p><span style="colo...").
       at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
       at System.Web.HttpValueCollection.Get(String name)
       at System.Web.HttpRequest.get_Item(String key)
       at ASP._Page_PI_OVR2_cshtml.Execute() in ----.cshtml:line 286
       at System.Web.WebPages.WebPageBase.ExecutePageHierarchy()
       at System.Web.WebPages.WebPage.ExecutePageHierarchy()
       at System.Web.WebPages.StartPage.ExecutePageHierarchy()
       at ASP._Page__PageStart_cshtml.Execute() in ------\_PageStart.cshtml:line 82
    

    I am getting that error message despite my using

    var description = Request.Unvalidated["description"];

    I am inputting the data into MS Sql successfully despite the error email being triggered. How to prevent my root _PageStart.cshtml try catch block from triggering this error.

    Wednesday, December 16, 2015 2:42 PM

Answers

  • User-166373564 posted

    Hi jkjhse,

    Request validation is a feature in ASP.NET that examines an HTTP request and determines whether it contains potentially dangerous content.

    Disabling Request Validation in ASP.NET Web Forms(ASP.NET 4 or later)

    Set the requestValidationMode attribute of the httpRuntime element to "2.0".

    The following example shows how to make request validation occur later for a single page, in this case the Test.aspx page:

    <location path="test.aspx">

      <system.web>

        <httpRuntime requestValidationMode="2.0" />

      </system.web>

    </location>

    More information,you could refer to

    Request Validation in ASP.NET

    https://msdn.microsoft.com/en-us/library/hh882339(v=vs.110).aspx

    Best regards,

    Angie

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, December 18, 2015 1:53 AM

All replies

  • User-166373564 posted

    Hi jkjhse,

    Request validation is a feature in ASP.NET that examines an HTTP request and determines whether it contains potentially dangerous content.

    Disabling Request Validation in ASP.NET Web Forms(ASP.NET 4 or later)

    Set the requestValidationMode attribute of the httpRuntime element to "2.0".

    The following example shows how to make request validation occur later for a single page, in this case the Test.aspx page:

    <location path="test.aspx">

      <system.web>

        <httpRuntime requestValidationMode="2.0" />

      </system.web>

    </location>

    More information,you could refer to

    Request Validation in ASP.NET

    https://msdn.microsoft.com/en-us/library/hh882339(v=vs.110).aspx

    Best regards,

    Angie

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, December 18, 2015 1:53 AM
  • User325035487 posted

    That helped. But what I dont understand is the reference page you gave mentions this for asp.net web pages

    In ASP.NET Web Pages applications that do not also include Web Forms pages or MVC controllers, you do not have to change any settings in the Web.config file.
    C#
    
    var userComment = Request.Form["userInput"]; // Validated, throws error if input includes markup
    
    Request.Unvalidated("userInput"); // Validation bypassed
    Request.Unvalidated().Form["userInput"]; // Validation bypassed
    
    Request.QueryString["userPreference"]; // Validated
    Request.Unvalidated().QueryString["userPreference"]; // Validation bypassed;
    
    

    Friday, December 18, 2015 6:44 AM