Asked by:
A potentially dangerous Request.QueryString value was detected from the client (callingContext="...List.aspx?<script>alert('3242'...").

Question
-
User-1380397803 posted
Hi,
I am using visual studio 2010 but my target framwork is 3.5.I am working on XXScripting prevention.when i add <script>alert('234')<script> to any url then i am getting this type of error.I used
<pages validateRequest="false" />
<httpRuntime requestValidationMode="2.0" /> both of this but its is not working with framework 3.5.Please any body help me what should i use instead of this two for framwork 3.5 with VS 2010.
Monday, April 22, 2013 2:32 AM
All replies
-
User-1716253493 posted
Dont use
<httpRuntime requestValidationMode="2.0" />
remove it, net 3.5 and net 2.0 using same net 2.0 CLR
Above line is used in net 4
Monday, April 22, 2013 2:36 AM -
User-1380397803 posted
then what should i used???
Monday, April 22, 2013 2:53 AM -
User-1716253493 posted
just remove requestvalidationmode
Monday, April 22, 2013 2:57 AM -
User-1380397803 posted
i have already removed it but what is the other solution for this error.
Monday, April 22, 2013 2:58 AM -
User1203810295 posted
Hi. I guess you are passing this value in querystring. you have to encrypt it before attching to url..
Monday, April 22, 2013 3:05 AM -
User-1380397803 posted
I am using htmlecode and urlencode for this is httpmodule but it is not working..Please help me
Monday, April 22, 2013 3:11 AM -
User-1716253493 posted
To pass queryquery string like below
list.aspx?alert=234
Monday, April 22, 2013 3:12 AM -
User-1380397803 posted
Thanks but if any user directing use it without "=" in above solution then it will always come.I want to prevent it from XXScripting.
Monday, April 22, 2013 3:17 AM