Click here to Skip to main content
Click here to Skip to main content

Tagged as

ASP.NET 4.0 potentially dangerous Request.Form value was detected

, 6 Feb 2013 CPOL
Rate this:
Please Sign up or sign in to vote.
If anyone enters non-encoded HTML content into a text box in an ASP.NET application.

A few days ago, while working on an ASP.NET 4.0 Web project, I got an issue. The issue was, when user enters non-encoded HTML content into a comment text box s/he got something like the following error message:

"A potentially dangerous Request.Form value was detected from the client".

This was because .NET detected something in the entered text which looked like an HTML statement. Then I got a link Request Validation, that is a feature put in place to protect your application cross site scripting attack and followed accordingly.

To disable request validation, I added the following to the existing "page" directive in that .aspx file.

ValidateRequest="false"

But I still got the same error. Later I found that, for .NET 4, we need to add requestValidationMode="2.0" to the httpRuntime configuration section of the web.config file like the following:

<httpRuntime requestValidationMode="2.0"/>

But if there is no httpRuntime section in the web.config file, then this goes inside the <system.web> section.

If anyone wants to turn off request validation globally for a user, the following line in the web.config file within <system.web> section will help:

<pages validateRequest="false" />  

Note: But always avoid the last example because there is a huge security issue. The request validation feature in ASP.NET provides a certain level of default protection against cross-site scripting (XSS) attacks.

However, we recommend that you analyze any request validation errors to determine whether existing handlers, modules, or other custom code accesses potentially unsafe HTTP inputs that could be XSS attack vectors.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Monjurul Habib
Software Developer (Senior)
Bangladesh Bangladesh
A life-long-learner, maker and soft music fan. Likes building things to solve problems. Lives in Dhaka with wife and wonderful, smart kid and works as a Senior Software Engineer in applications architecture team.
 
He has years of successful records serving mid and large scale .NET applications. Have a wide range of experience working in domestic and international client environment. Expertise in different areas of software development life cycles and Software Architecture.
 
I am always looking for new information and value your feedback (especially where I got something wrong!).
Follow on   Twitter   Google+   LinkedIn

Comments and Discussions

 
Questionquestion PinmemberEhsan yazdani rad14-Jul-14 3:57 
GeneralMy vote of 5 PinprofessionalPratik Bhuva6-Mar-14 23:50 
GeneralSolution to error Potentially dangerous request form value was detected from the client Pinmembersamunder20-Feb-14 19:15 
Questionthanks dear Pinmemberrajveersingh24-Jan-14 1:31 
QuestionThanks... PinmemberMember 995208821-Oct-13 21:04 
Questionthanks great PinmemberHimanshu Kamothi24-Jul-13 4:54 
AnswerRe: thanks great PinprofessionalMonjurul Habib24-Jul-13 9:29 
GeneralMy vote of 5 Pinprofessionaldpalash2-May-13 4:14 
GeneralRe: My vote of 5 PinprofessionalMonjurul Habib24-Jul-13 9:28 
GeneralMy vote of 3 PinmemberDrTJ20668-Mar-13 5:23 
QuestionBest of both worlds PinmemberIsaac Shloss26-Dec-12 11:04 
AnswerRe: Best of both worlds PinmemberminLVwang9-Jan-13 17:28 
QuestionPartially dangerous solution! PinmemberJurisfox9-Nov-12 2:23 
AnswerRe: Partially dangerous solution! PinmemberMonjurul Habib9-Nov-12 11:06 
GeneralMy vote of 5 PinmemberMember 89619178-Nov-12 4:28 
GeneralRe: My vote of 5 PinmemberMonjurul Habib8-Nov-12 8:54 
QuestionGreat Solution!!!!! PinmembernickT.Tnick18-Oct-12 23:07 
AnswerRe: Great Solution!!!!! PinmemberMonjurul Habib19-Oct-12 7:37 
GeneralMy vote of 5 PinmemberAjith_joseph3-Aug-12 1:46 
GeneralRe: My vote of 5 PinmemberMonjurul Habib3-Aug-12 3:31 
Generaltanx PinmemberBehzad Habibzadeh11-Jul-12 2:21 
GeneralRe: tanx PinmemberMonjurul Habib3-Aug-12 3:31 
Questionhi PinmemberNitin Kumar Chaudhary27-Jun-12 23:55 
AnswerRe: hi PinmemberMonjurul Habib28-Jun-12 21:13 
GeneralMy vote of 5 Pinmemberwalkerwzy22-Jun-12 22:16 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web02 | 2.8.141223.1 | Last Updated 6 Feb 2013
Article Copyright 2011 by Monjurul Habib
Everything else Copyright © CodeProject, 1999-2014
Layout: fixed | fluid