I know the < and > characters will cause this error, but what other characters/inputs will cause this error?
I’m testing for this error in the Global.asax, and reridrecting to an error page where I want to list all possible values which cause this error, so the user can go back to their page and get rid of them.
I’ve done some googling, but all I see so far are the < and > characters…surely there are more out there.
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
Here is the actual complete list of inputs that will cause the error:
<(any a-z character) <! </ <? &#
Note that an angle bracket on it own ‘<‘ will not cause an exception.
There is a similar question that has a more complete answer including some code, which is where I derived the list from.
Of course you could always look here for the rest of it if you are concerned.
Method 2
No, < is not the only character combination that will cause it. &# will cause it as well.
Method 3
ASP.NET helps protect against script exploits that are disguised as URLs by checking for potentially dangerous strings, such as "<!", "</", and "<?".
http://msdn.microsoft.com/en-us/library/w1sw53ds.aspx
from: http://msdn.microsoft.com/en-us/library/system.web.httprequestvalidationexception.aspx
Update: This answer was based on .net 4.0.; for updated tags see https://stackoverflow.com/a/25405146/14753
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0