Blog author: Niladri.Biswas
| Posted on: 5/26/2012 | Category: ASP.NET Blogs
| Views: 2430 | Status: [Member]
| Points: 75
| Alert Moderator
Download source file
Paste the below line of text in a Asp.net Textbox control and click on the "Click Me" button
We will get an error page as under
Why it happens?
The web application has been prevented from processing unencoded HTML content submitted to the server.This is caused by the
Request validation.It is a feature of ASP.NET (since version 1.1) which prevents the server from accepting un-encoded HTML content.It
prevents script that may cause injection attacks.
When we run the application, we got the error
A potentially dangerous Request.Form value was detected from the client".(txtInput="<html><head><...").
What is the solution to this?
If we look minutely, the solution is given in the description
It offers two changes to happen in the web application
Set the requestValidationMode attribute in the httpRuntime configuration section of the web.config file to requestValidationMode="2.0"
<httpRuntime requestValidationMode="2.0" />
Once the above is done,we can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section
e.g. At Page Level
e.g. Globally at the <pages> configuration section
<pages validateRequest="false" />
Hope this short tutorial has helped us the use of ValidateRequest attribute and it's importance in the asp.net parlance.Thanks for reading
Found interesting? Add this to: