locked
HttpRequestValidationException can these be ignored? RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-284642143 posted

    I have a form with a number of fields. Each field is then encoded i.e.

    try {
    var Name = Server.HtmlEncode(txtName.Text);
    }
    catch(.....

    before sending an email to the admin of the site. All this works but i get a few server errors with 

    Exception type: HttpRequestValidationException 
Exception message: A potentially dangerous Request.Form value was detected from the client (Control ID with some javascript)

    I understand why this is happening and have also limited all textboxes with XX amount of characters (theres a lot of javascript code being thrown into these boxes) but would it be appropriate to catch this exception in code behind and ignore it or redirect to another page?

    I just dont want to fill the server logs with events that i can ignore but of course if theres some action i need to take i would rather do that?

    Friday, August 9, 2019 8:26 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    User665608656 posted

    Hi EssCee,

    Exception type: HttpRequestValidationException 
Exception message: A potentially dangerous Request.Form value was detected from the client (Control ID with some javascript)

    For this message, you can disable page request validation by setting validateRequest to false:

    <%@ Page validateRequest="false" %>

    Or you can disable application request validation by modifying the Web.config file and setting the validateRequest property of the <pages /> section to false

    <configuration>
   <system.web>
      <pages validateRequest="false" />
   </system.web>
</configuration>

    You could refer to this link : A potentially dangerous Request.Form value was detected from the client

    Best Regards,

    YongQing.

    Monday, August 12, 2019 7:11 AM