Allow the Textbox control to accept Html text in Asp.net- An introduction to ValidateRequest Attribute in Asp.net

 Blog author: Niladri.Biswas | Posted on: 5/26/2012 | Category: ASP.NET Blogs | Views: 2430 | Status: [Member] | Points: 75 | Alert Moderator   Tweet  Download source file

Submit Blog | Blogs Home |

Introduction

Paste the below line of text in a Asp.net Textbox control and click on the "Click Me" button

We will get an error page as under

Why it happens?

The web application has been prevented from processing unencoded HTML content submitted to the server.This is caused by the Request validation.It is a feature of ASP.NET (since version 1.1) which prevents the server from accepting un-encoded HTML content.It prevents script that may cause injection attacks.

When we run the application, we got the error

A potentially dangerous Request.Form value was detected from the client".(txtInput="<html><head><...").

What is the solution to this?

If we look minutely, the solution is given in the description

It offers two changes to happen in the web application

1. Set the requestValidationMode attribute in the httpRuntime configuration section of the web.config file to requestValidationMode="2.0"

   e.g.

   				<system.web>
   					<httpRuntime requestValidationMode="2.0" />
   				 </system.web>
   			

2. Once the above is done,we can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section

   e.g. At Page Level

   				<%@ 
   					Page Language="C#" 
   					AutoEventWireup="true" 
   					CodeFile="TestPage.aspx.cs" 
   					Inherits="TestPage" 
   					ValidateRequest ="false"
   				%>
   			

   e.g. Globally at the <pages> configuration section

   				<system.web>
   					<pages validateRequest="false" />
   				 </system.web>
   			

Conclusion

Hope this short tutorial has helped us the use of ValidateRequest attribute and it's importance in the asp.net parlance.Thanks for reading