Remove From My Forums

A potentially dangerous Request.QueryString value was detected from the client (callingContext="...List.aspx?<script>alert('3242'...").

Question
0

Sign in to vote
User-1380397803 posted

Hi,

I am using visual studio 2010 but my target framwork is 3.5.I am working on XXScripting prevention.when i add <script>alert('234')<script> to any url then i am getting this type of error.I used

<pages validateRequest="false" />

<httpRuntime requestValidationMode="2.0" /> both of this but its is not working with framework 3.5.Please any body help me what should i use instead of this two for framwork 3.5 with VS 2010.
Monday, April 22, 2013 2:32 AM

All replies

0

Sign in to vote
User-1716253493 posted

Dont use

<httpRuntime requestValidationMode="2.0" />

remove it, net 3.5 and net 2.0 using same net 2.0 CLR

Above line is used in net 4
Monday, April 22, 2013 2:36 AM
0

Sign in to vote

User-1380397803 posted

then what should i used???

Monday, April 22, 2013 2:53 AM
0

Sign in to vote

User-1716253493 posted

just remove requestvalidationmode

Monday, April 22, 2013 2:57 AM
0

Sign in to vote

User-1380397803 posted

i have already removed it but what is the other solution for this error.

Monday, April 22, 2013 2:58 AM
0

Sign in to vote

User1203810295 posted

Hi. I guess you are passing this value in querystring. you have to encrypt it before attching to url..

Monday, April 22, 2013 3:05 AM
0

Sign in to vote

User-1380397803 posted

I am using htmlecode and urlencode for this is httpmodule but it is not working..Please help me

Monday, April 22, 2013 3:11 AM
0

Sign in to vote

User-1716253493 posted

To pass queryquery string like below

list.aspx?alert=234

Monday, April 22, 2013 3:12 AM
0

Sign in to vote

User-1380397803 posted

Thanks but if any user directing use it without "=" in above solution then it will always come.I want to prevent it from XXScripting.

Monday, April 22, 2013 3:17 AM