Click here to Skip to main content
11,806,350 members (64,878 online)
Click here to Skip to main content

Tagged as

ASP.NET 4.0 potentially dangerous Request.Form value was detected

, 6 Feb 2013 CPOL 260.4K 25
Rate this:
Please Sign up or sign in to vote.
If anyone enters non-encoded HTML content into a text box in an ASP.NET application.

A few days ago, while working on an ASP.NET 4.0 Web project, I got an issue. The issue was, when user enters non-encoded HTML content into a comment text box s/he got something like the following error message:

"A potentially dangerous Request.Form value was detected from the client".

This was because .NET detected something in the entered text which looked like an HTML statement. Then I got a link Request Validation, that is a feature put in place to protect your application cross site scripting attack and followed accordingly.

To disable request validation, I added the following to the existing "page" directive in that .aspx file.


But I still got the same error. Later I found that, for .NET 4, we need to add requestValidationMode="2.0" to the httpRuntime configuration section of the web.config file like the following:

<httpRuntime requestValidationMode="2.0"/>

But if there is no httpRuntime section in the web.config file, then this goes inside the <system.web> section.

If anyone wants to turn off request validation globally for a user, the following line in the web.config file within <system.web> section will help:

<pages validateRequest="false" />  

Note: But always avoid the last example because there is a huge security issue. The request validation feature in ASP.NET provides a certain level of default protection against cross-site scripting (XSS) attacks.

However, we recommend that you analyze any request validation errors to determine whether existing handlers, modules, or other custom code accesses potentially unsafe HTTP inputs that could be XSS attack vectors.


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Monjurul Habib
Software Developer (Senior)
Bangladesh Bangladesh
A life-long-learner, maker and soft music fan. Likes building things to solve problems. Lives in Dhaka with wife and wonderful, smart kid and works as a Senior Software Engineer in applications architecture team.

Has years of successful records serving mid and large scale .NET applications in domestic and international client environment. Expertise in different areas of software development life cycles and Software Architecture.

Always looks for new information and value feedback (especially where got something wrong!).

You may also be interested in...

Comments and Discussions

QuestionQuestions Pin
Member 88831-Jan-15 2:19
memberMember 88831-Jan-15 2:19 
GeneralMy vote of 5 Pin
Humayun Kabir Mamun14-Jan-15 2:59
memberHumayun Kabir Mamun14-Jan-15 2:59 
Questionquestion Pin
Ehsan yazdani rad14-Jul-14 2:57
memberEhsan yazdani rad14-Jul-14 2:57 
GeneralMy vote of 5 Pin
Pratik Bhuva6-Mar-14 22:50
professionalPratik Bhuva6-Mar-14 22:50 
GeneralSolution to error Potentially dangerous request form value was detected from the client Pin
samunder20-Feb-14 18:15
membersamunder20-Feb-14 18:15 
Questionthanks dear Pin
rajveersingh24-Jan-14 0:31
memberrajveersingh24-Jan-14 0:31 
QuestionThanks... Pin
Member 995208821-Oct-13 20:04
memberMember 995208821-Oct-13 20:04 
Questionthanks great Pin
Himanshu Kamothi24-Jul-13 3:54
memberHimanshu Kamothi24-Jul-13 3:54 
AnswerRe: thanks great Pin
Monjurul Habib24-Jul-13 8:29
professionalMonjurul Habib24-Jul-13 8:29 
GeneralMy vote of 5 Pin
dpalash2-May-13 3:14
professionaldpalash2-May-13 3:14 
GeneralRe: My vote of 5 Pin
Monjurul Habib24-Jul-13 8:28
professionalMonjurul Habib24-Jul-13 8:28 
GeneralMy vote of 3 Pin
DrTJ20668-Mar-13 4:23
memberDrTJ20668-Mar-13 4:23 
QuestionBest of both worlds Pin
Isaac Shloss26-Dec-12 10:04
memberIsaac Shloss26-Dec-12 10:04 
AnswerRe: Best of both worlds Pin
minLVwang9-Jan-13 16:28
memberminLVwang9-Jan-13 16:28 
QuestionPartially dangerous solution! Pin
Jurisfox9-Nov-12 1:23
memberJurisfox9-Nov-12 1:23 
AnswerRe: Partially dangerous solution! Pin
Monjurul Habib9-Nov-12 10:06
memberMonjurul Habib9-Nov-12 10:06 
GeneralMy vote of 5 Pin
Member 89619178-Nov-12 3:28
memberMember 89619178-Nov-12 3:28 
GeneralRe: My vote of 5 Pin
Monjurul Habib8-Nov-12 7:54
memberMonjurul Habib8-Nov-12 7:54 
QuestionGreat Solution!!!!! Pin
nickT.Tnick18-Oct-12 22:07
membernickT.Tnick18-Oct-12 22:07 
AnswerRe: Great Solution!!!!! Pin
Monjurul Habib19-Oct-12 6:37
memberMonjurul Habib19-Oct-12 6:37 
GeneralMy vote of 5 Pin
Ajith_joseph3-Aug-12 0:46
memberAjith_joseph3-Aug-12 0:46 
GeneralRe: My vote of 5 Pin
Monjurul Habib3-Aug-12 2:31
memberMonjurul Habib3-Aug-12 2:31 
Generaltanx Pin
Behzad Habibzadeh11-Jul-12 1:21
memberBehzad Habibzadeh11-Jul-12 1:21 
GeneralRe: tanx Pin
Monjurul Habib3-Aug-12 2:31
memberMonjurul Habib3-Aug-12 2:31 
Questionhi Pin
Nitin Kumar Chaudhary27-Jun-12 22:55
memberNitin Kumar Chaudhary27-Jun-12 22:55 
AnswerRe: hi Pin
Monjurul Habib28-Jun-12 20:13
memberMonjurul Habib28-Jun-12 20:13 
GeneralMy vote of 5 Pin
walkerwzy22-Jun-12 21:16
memberwalkerwzy22-Jun-12 21:16 
GeneralRe: My vote of 5 Pin
Monjurul Habib24-Jun-12 21:37
memberMonjurul Habib24-Jun-12 21:37 
GeneralRealy Helpfull Pin
Arman Erfani11-Jun-12 21:34
memberArman Erfani11-Jun-12 21:34 
GeneralRe: Realy Helpfull Pin
Monjurul Habib14-Jun-12 10:05
memberMonjurul Habib14-Jun-12 10:05 
GeneralMy vote of 5 Pin
techchallenger6-May-12 14:23
membertechchallenger6-May-12 14:23 
GeneralRe: My vote of 5 Pin
Monjurul Habib7-May-12 21:17
memberMonjurul Habib7-May-12 21:17 
GeneralReason for my vote of 5 Exactly my scenario, and was helpful Pin
Member 467175418-Feb-12 9:33
memberMember 467175418-Feb-12 9:33 
GeneralRe: thank you Pin
Monjurul Habib25-Feb-12 23:52
memberMonjurul Habib25-Feb-12 23:52 
GeneralReason for my vote of 5 excellent post Pin
jpmontoya18226-Dec-11 7:43
memberjpmontoya18226-Dec-11 7:43 
GeneralRe: thank you Pin
Monjurul Habib26-Dec-11 8:25
memberMonjurul Habib26-Dec-11 8:25 
GeneralReason for my vote of 5 Run into this several times recently... Pin
PeterA20-Dec-11 10:14
memberPeterA20-Dec-11 10:14 
GeneralRe: thank you Pin
Monjurul Habib20-Dec-11 19:28
memberMonjurul Habib20-Dec-11 19:28 
GeneralThis does not address the security aspect of setting Validat... Pin
davecal20-Dec-11 3:47
memberdavecal20-Dec-11 3:47 
GeneralRe: This is merely another example of microsoft trying to 'save'... Pin
Verrice22-Dec-11 6:10
memberVerrice22-Dec-11 6:10 
GeneralReason for my vote of 3 While this is a workaround it doesn'... Pin
davecal20-Dec-11 3:45
memberdavecal20-Dec-11 3:45 
GeneralThis will be easier with ASP.NET 4.5: Pin
Richard Deeming15-Dec-11 8:41
memberRichard Deeming15-Dec-11 8:41 
GeneralRe: I was talking about ASP.NET 4.0, anyway thank you Pin
Monjurul Habib18-Dec-11 16:48
memberMonjurul Habib18-Dec-11 16:48 
GeneralReason for my vote of 5 Excellent. Needs a link or an extent... Pin
Dave Vroman14-Dec-11 5:23
memberDave Vroman14-Dec-11 5:23 
GeneralRe: thank you Pin
Monjurul Habib14-Dec-11 6:46
memberMonjurul Habib14-Dec-11 6:46 
GeneralReason for my vote of 5 Great this help solve my problem of ... Pin
Diing13-Dec-11 17:22
memberDiing13-Dec-11 17:22 
GeneralRe: thank you Pin
Monjurul Habib13-Dec-11 18:46
memberMonjurul Habib13-Dec-11 18:46 
GeneralReason for my vote of 5 keep it up! Pin
Aftab Quraishi12-Dec-11 19:06
memberAftab Quraishi12-Dec-11 19:06 
GeneralRe: thanks boss :) Pin
Monjurul Habib12-Dec-11 19:13
memberMonjurul Habib12-Dec-11 19:13 
GeneralReason for my vote of 5 useful Pin
Humayun Kabir Mamun10-Dec-11 22:53
memberHumayun Kabir Mamun10-Dec-11 22:53 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web04 | 2.8.151002.1 | Last Updated 6 Feb 2013
Article Copyright 2011 by Monjurul Habib
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid