A potentially dangerous Request.Form value was detected from the client

by

I have one asp.net application, which has some problems while i am entering the special characters such as “: &#, ” in the search box. If i enter this text in search box, i got the exception like this.

A potentially dangerous Request.Form value was detected from the client (txtValue=”: &#, “).

then i searched on the net, i got one general solution for this that to set the validaterequest to false. But no changes has been made on my application. Please help me for solving this issue. Any response that would be appreciated.

Contents hide
Answers:
Method 1
Method 2
Method 3
Method 4

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

Add a web.config containing

<system.web>
    <pages validateRequest="false" />
</system.web>

to the directory with the page that has the form in question.

See http://www.asp.net/learn/whitepapers/request-validation for a complete description.

In case you use asp.net 4.0, you may try 

<httpRuntime requestValidationMode="2.0" />

See also

Method 2

A little late, but in agreement with those saying putting this in web.config is a security hole.

I do it with the [ValidateInput(false)] attribute on the controller in question.

ValidateInput is found in System.Web.MVC in MVC2

Method 3

I created a table article with columns articleId and article_content. I also used html editor for article_content column. When I tried to save I got the same error. It was resolved by adding [AllowHtml] to the article_content property in the class.

Don’t forget to include the namespace using System.Web.Mvc. For more details:
http://www.infinetsoft.com/Post/A-potentially-dangerous-Request-Form-value-was-detected-from-the-client/1246

Method 4

Using Framework 4.5 the solution is to modify web.config adding following line:

<httpRuntime requestValidationMode="4.5"/>

And getting the request as follows:

string reportXML = this.Request.Unvalidated.Form["reportstream"];


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x