A potentially dangerous request error

Question

0.00/5 (No votes)

See more:

I am trying to store BCA&# entered in textbox in asp.net and sql server. But i got error System.Web.HttpRequestValidationException
A potentially dangerous Request.Form value was detected from the client (ctl00$ContentPlaceHolder1$txtName="BCA&#").

What I have tried:

i found the issue is &#. when &# is written together it is causing issue. How can i store this input without using ValidateRequest="false" at page directive.

. I tried

Server.HtmlEncode(txtName.Text.Trim())

but is not working too.

Posted 5-Mar-17 20:38pm

xpertzgurtej

Updated 5-Mar-17 22:22pm

v5

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

F-ES Sitecore · Answer 1 · 2017-03-05T22:12:00

Solution 1

Quote:
How can i store this input without using ValidateRequest="false" at page directive.

You can't, you're going to have to disable validation for that page and ensure your code is not vulnerable to XSS attacks etc.

Posted 5-Mar-17 22:12pm

F-ES Sitecore

Comments

xpertzgurtej 6-Mar-17 4:34am

i don't want to set ValidateRequest="false" because it will allow XSS attacks. What to do in this case? how to ensure this?

F-ES Sitecore 6-Mar-17 4:44am

Just make sure your code is not vulnerable to XSS attacks, it is perfectly possible to do this. Just ensure any data that comes from the user is not written directly to the output html in a non-encoded form.

xpertzgurtej 6-Mar-17 5:20am

So what should i do now? Should i use ValidateRequest="false" at page directive or something else?

F-ES Sitecore 6-Mar-17 5:23am

Yes you have to use ValidateRequest="false"

xpertzgurtej 6-Mar-17 6:48am

:(

ZurdoDev 6-Mar-17 8:07am

If you're doing .Net 4+ then you'll also need to make web.config changes as Solution 2 points out.

Karthik_Mahalingam · Answer 2 · 2017-03-05T22:22:00

Solution 2

Add these two under <system.web> in web.config file

XML

<httpRuntime requestValidationMode="2.0" />
 <pages validateRequest="false" />

if the tags are already present, then try to update only the properties to it.

Posted 5-Mar-17 22:22pm

Karthik_Mahalingam

Comments

ZurdoDev 6-Mar-17 8:07am

This will do it for all pages which is not a good idea. You should do this in a location tag.

Karthik_Mahalingam 6-Mar-17 8:14am

reply with an example please, I am unaware of this :(

ZurdoDev 6-Mar-17 8:19am

https://msdn.microsoft.com/en-us/library/b6x6shw7(v=vs.71).aspx

It's a way to have a setting only affect a certain page or folder.

Karthik_Mahalingam 6-Mar-17 8:28am

Thanks for the info, i will consider this in future.