[RESOLVED] A potentially dangerous Request.Form value was detected from the client ...

Hi there 


I am creating a small CMS. I have a page with an HTML editor. The user enters text and submits, which of course populates a SQL Server database.

When I submit the form, I get the following error:

a potentially dangerous Request.Form value was detected from the client (ctl00$ContentPlaceHolder1$elm2="<p>Test</p>").

I tried different things:

- I added ValidateRequest="false" on the top of the page

- In the code-behind which deals with the Insert to DB, my Insert parameter is as follows:

commI.Parameters.Add("@body", SqlDbType.Text);

commI.Parameters["@body"].Value = HttpUtility.HtmlEncode(elm2.Text);

None of the above have fixed it.

Christophe



Hi,

Yes, it is due to .NET Framework 4.0.

The solution is to put the tag below under <system.web>:


<system.web>

<httpRuntime requestValidationMode="2.0" ></httpRuntime>

</system.web>

Add validateRequest="false" to your page directive and check it.


If you just want to fix the error, you can add the following to your .config file, which will allow the ValidateRequest="false" directive to take effect with .NET v4:

<system.web>

<httpRuntime requestValidationMode="2.0"/>    

</system.web>

I am pretty sure that's all that needs to be done.

Add

enableEventValidation="false" viewStateEncryptionMode="Never" enableViewStateMac="false"

in the Page directive


On the page directive, set ValidateRequest="false" and your error will be solved.

You can try ClientScript.RegisterForEventValidation function & keep EventValidation ON.

http://msdn.microsoft.com/en-us/library/ms366515.aspx

http://msdn.microsoft.com/en-us/library/ms223395.aspx

If this doesn't help, please post your code. 

Thanks for that, that nailed it.


Christophe
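
The requestValidationMode change from the replies above, scoped to the editor page only, as an added example that is not part of the original thread. The path Admin/EditContent.aspx is a hypothetical placeholder for the page hosting the HTML editor; event validation and ViewState MAC are left at their defaults.

```xml
<!-- web.config: added example, not from the thread.
     Admin/EditContent.aspx is a hypothetical path for the HTML editor page. -->
<configuration>

  <!-- Site-wide settings: request validation stays on for every other page. -->
  <system.web>
    <pages validateRequest="true" />
  </system.web>

  <!-- Only the editor page uses the 2.0 validation mode, so that turning
       validation off takes effect there and nowhere else. -->
  <location path="Admin/EditContent.aspx">
    <system.web>
      <httpRuntime requestValidationMode="2.0" />
      <pages validateRequest="false" />
      <!-- enableEventValidation and enableViewStateMac are not set here,
           so both keep their default value (enabled). -->
    </system.web>
  </location>

</configuration>
```

With validation off for that page, the stored markup reaches the database as typed, so it has to be encoded or sanitized where it is rendered.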
