locked
A potentially dangerous Request.QueryString value was detected from the client (callingContext="...List.aspx?<script>alert('3242'..."). RRS feed

  • Question

  • User-1380397803 posted

    Hi,

    I am using visual studio 2010 but my target framwork is 3.5.I am working on XXScripting prevention.when i add <script>alert('234')<script> to any url then i am getting this type of error.I used 

    <pages validateRequest="false" />
    <httpRuntime requestValidationMode="2.0" /> both of this but its is not working with framework 3.5.Please any body help me what should i use instead of this two for framwork 3.5 with VS 2010.
    Monday, April 22, 2013 2:32 AM

All replies

  • User-1716253493 posted

    Dont use

    <httpRuntime requestValidationMode="2.0" /> 

    remove it, net 3.5 and net 2.0 using same net 2.0 CLR

    Above line is used in net 4

    Monday, April 22, 2013 2:36 AM
  • User-1380397803 posted

    then what should i used???

    Monday, April 22, 2013 2:53 AM
  • User-1716253493 posted

    just remove requestvalidationmode

    Monday, April 22, 2013 2:57 AM
  • User-1380397803 posted

    i have already removed it but what is the other solution for this error.

    Monday, April 22, 2013 2:58 AM
  • User1203810295 posted

    Hi. I guess you are passing this value in querystring. you have to encrypt it before attching to url..

    Monday, April 22, 2013 3:05 AM
  • User-1380397803 posted

    I am using htmlecode and urlencode for this is httpmodule but it is not working..Please help me

    Monday, April 22, 2013 3:11 AM
  • User-1716253493 posted

    To pass queryquery string like below

    list.aspx?alert=234

    Monday, April 22, 2013 3:12 AM
  • User-1380397803 posted

    Thanks but if any user directing use it without "=" in above solution then it will always come.I want to prevent it from XXScripting.

    Monday, April 22, 2013 3:17 AM