A few days ago, while working on an ASP.NET 4.0 Web project, I ran into an issue. When a user entered non-encoded HTML content into a comment text box, s/he got something like the following error message:

"A potentially dangerous Request.Form value was detected from the client".

This was because .NET detected something in the entered text which looked like an HTML statement. I then found a link on Request Validation, a feature put in place to protect your application against cross-site scripting attacks, and followed it accordingly.

To disable request validation, I added the following to the existing "page" directive in that .aspx file.

ValidateRequest="false"

But I still got the same error. Later I found that, for .NET 4, we need to add requestValidationMode="2.0" to the httpRuntime configuration section of the web.config file, like the following:

<httpRuntime requestValidationMode="2.0"/>

But if there is no httpRuntime section in the web.config file, then this goes inside the <system.web> section.

If anyone wants to turn off request validation globally for a user, the following line in the web.config file within the <system.web> section will help:

<pages validateRequest="false" />  

Note: Always avoid the last example, because it creates a huge security issue. The request validation feature in ASP.NET provides a certain level of default protection against cross-site scripting (XSS) attacks.

However, we recommend that you analyze any request validation errors to determine whether existing handlers, modules, or other custom code accesses potentially unsafe HTTP inputs that could be XSS attack vectors.
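With request validation switched off for a page, encoding the comment on output becomes the page's own job. The following is an added example, not code from the original post: a C# helper (the class name, the tag list and the length limit are assumptions) that HTML-encodes a submitted comment and then restores only a fixed set of attribute-free formatting tags.

```csharp
using System;
using System.Text;
using System.Web;

// Added example with hypothetical names: safe rendering of user comments
// on a page that runs with ValidateRequest="false".
public static class CommentSanitizer
{
    // Formatting tags allowed back in after encoding. Only the exact
    // lowercase, attribute-free forms (<b>, </b>, ...) are restored.
    private static readonly string[] AllowedTags = { "b", "i", "u", "p" };

    // Assumed upper bound for a comment; adjust to the application's needs.
    private const int MaxLength = 4000;

    public static string ToSafeHtml(string rawComment)
    {
        if (string.IsNullOrEmpty(rawComment))
            return string.Empty;

        if (rawComment.Length > MaxLength)
            rawComment = rawComment.Substring(0, MaxLength);

        // Step 1: encode everything, so <script>, event handlers and any
        // other markup become inert text (&lt;script&gt; ...).
        var html = new StringBuilder(HttpUtility.HtmlEncode(rawComment));

        // Step 2: turn back only the allow-listed tags. A tag carrying
        // attributes, such as <b onclick="...">, does not match and
        // stays encoded.
        foreach (string tag in AllowedTags)
        {
            html.Replace("&lt;" + tag + "&gt;", "<" + tag + ">");
            html.Replace("&lt;/" + tag + "&gt;", "</" + tag + ">");
        }

        return html.ToString();
    }
}

// Usage in the code-behind of the comment page (control names assumed):
//   CommentOutput.Text = CommentSanitizer.ToSafeHtml(CommentBox.Text);
```

Store the raw comment and apply the helper every time the comment is rendered, so that a later change to the allow-list also covers comments that were saved earlier.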
