Friday, September 23, 2011

A potentially dangerous Request.Form value was detected from the client

Server Error in '/' Application.


A potentially dangerous Request.Form value was detected from the client (txtCode="<br/>").
Description: Request Validation has detected a potentially dangerous client input value, and processing of 
the request has been aborted. This value may indicate an attempt to compromise the security of your application, 
such as a cross-site scripting attack. To allow pages to override application request validation settings, set the 
requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". 
Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request
validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. 
However, it is strongly recommended that your application explicitly check all inputs in this case. For more 
information, see http://go.microsoft.com/fwlink/?LinkId=153133. 

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form 
value was detected from the client (txtCode="<br/>").

You have to do little modification to you application to get this fixed. 
1. Add <httpRuntime requestValidationMode="2.0" /> in your application web.config
   under <system.web>.
   <system.web>
    <httpRuntime  requestValidationMode="2.0"/>

2. Add RequestValidation="false" on your page or in web.config <pages> 
   attribute.
<%@ Page Language="C#" AutoEventWireup="true" ValidateRequest = "false"

or
to work this for whole application do in web.config as:
<system.web>
    <httpRuntime  requestValidationMode="2.0"/>
    <pages validateRequest ="false"></pages> 

No comments :

Post a Comment