I’m serializing and saving form and query string data to a database for each user request. This particular submitted model already has the [AllowHtml] attribute and submits fine to the controller. The issue is inside the Global.asax file where I log the request, when I access this form value I get the exception:
“A potentially dangerous Request.Form value was detected from the client (…).”
    protected void Application_PostRequestHandlerExecute(Object sender, EventArgs e)
    {
        ...
        var serializer = new JavaScriptSerializer();
        var formData = (Request.Form.Count == 0)
            ? ""
            : serializer.Serialize(Request.Form.AllKeys.Where(x => x != null).ToDictionary(k => k, k => Request.Form[k]));
        ...
    }
Error gets thrown when it tries to access Request.Form[k] when it contains invalid characters.
Answers:
Method 1
Accessing values with Request.Form[] will trigger request validation (hence the exception). You can use the Unvalidated property of HttpRequest to get the request values without triggering validation.
Replace

    Request.Form[k]

with

    Request.Unvalidated.Form[k]
Use with caution – from the documentation:
Security Note: If you use this property, you must manually check the data for potential cross-site scripting attacks.
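The logging path from the question with that security note applied, as an added example that is not part of the original answer: the raw form and query string values are captured through Request.Unvalidated and HTML-encoded only where the stored log is later written into a page. RequestAudit, its method names and SaveLog are hypothetical; the example assumes .NET Framework 4.5 or later, where Request.Unvalidated is available.

```csharp
using System.Collections.Specialized;
using System.Linq;
using System.Web;
using System.Web.Script.Serialization;

// Hypothetical helper (not from the original post): captures request data for
// a log without triggering request validation, and encodes it on display.
public static class RequestAudit
{
    // Request.Unvalidated skips request validation, so markup submitted to
    // [AllowHtml] fields is read as-is instead of throwing.
    public static string CaptureForm(HttpRequest request)
    {
        return Serialize(request.Unvalidated.Form);
    }

    public static string CaptureQueryString(HttpRequest request)
    {
        return Serialize(request.Unvalidated.QueryString);
    }

    // Same shape as the question's code: a key/value dictionary as JSON.
    private static string Serialize(NameValueCollection values)
    {
        if (values.Count == 0) return "";
        var pairs = values.AllKeys
            .Where(k => k != null)
            .ToDictionary(k => k, k => values[k]);
        return new JavaScriptSerializer().Serialize(pairs);
    }

    // The stored string is untrusted input. Encode it at the point where it is
    // written into HTML (for example a log viewer page), not before storing it.
    public static string RenderForHtml(string storedData)
    {
        return HttpUtility.HtmlEncode(storedData ?? "");
    }
}

// Usage in Global.asax.cs (SaveLog is a placeholder for your own persistence
// code and should use a parameterized query):
//   protected void Application_PostRequestHandlerExecute(object sender, EventArgs e)
//   {
//       string formData = RequestAudit.CaptureForm(Request);
//       string queryData = RequestAudit.CaptureQueryString(Request);
//       SaveLog(formData, queryData);
//   }
```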
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.