How to avoid this?!
Cipher
10-26-2005, 04:40 PM
When I try to get values with tags, i.e. "<HTML>", "<Script>", from a TextBox I get this error:
A potentially dangerous Request.Form value was detected from the client (TextBox="<html></html>").
Any idea about how to avoid this?!
UnexplainedWays
10-26-2005, 11:27 PM
Yep, it's simple.
Up in the <%@Page... just add this -> validateRequest="false"
HOWEVER, you do need to realise why this setting restricts you by default.
Basically, if you allow someone to include their own HTML tags in a given text,
e.g. <b>Words</b>... there's nothing to stop them from doing this:
<b>Words</b><script>for(i=1;i<=1000;i++){window.open("www.mysite.com")}</script>
If you wanted to then display it to the screen, you can encode and decode the text to make it display without doing any bad stuff.
Cipher
10-27-2005, 05:40 AM
Well, I found that you must do something else, or if the users typed something like this:
<script language="javascript">alert('anything')</script>
it will be executed and won't be saved as text. To avoid this:
Server.HtmlEncode(TextBox.Text) :)
UnexplainedWays
10-27-2005, 08:25 AM
I don't think the page will even get to the part where it can get the value of a textbox without the validateRequest="false"
Cipher
10-27-2005, 11:50 AM
Sure, what I mean is that you must add this code so as not to execute the tags the user enters :)
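
Added example, not part of any post in this thread: a small C# console program showing why a page that sets validateRequest="false" has to HTML-encode user text wherever it is written back out. The class name CommentRenderer and the surrounding div markup are assumptions made for illustration, and System.Net.WebUtility.HtmlEncode stands in for Server.HtmlEncode so the program runs outside an ASP.NET page.

```csharp
using System;
using System.Net;   // WebUtility.HtmlEncode / HtmlDecode (.NET 4.0+ and .NET Core)

// Hypothetical helper class, not from the thread.
static class CommentRenderer
{
    // Constructed sample input: the two strings quoted in the thread.
    static readonly string[] Submitted =
    {
        "<b>Words</b>",
        "<script language=\"javascript\">alert('anything')</script>",
    };

    // Unsafe: raw user text is concatenated into markup, so a browser
    // would parse the <script> element and run it.
    public static string RenderRaw(string userText)
    {
        return "<div class=\"comment\">" + userText + "</div>";
    }

    // Safe: keep the text exactly as typed and encode at output time.
    // < > & " ' become entities, so the browser shows the tags as text.
    public static string RenderEncoded(string userText)
    {
        return "<div class=\"comment\">" + WebUtility.HtmlEncode(userText) + "</div>";
    }

    static void Main()
    {
        foreach (string text in Submitted)
        {
            Console.WriteLine("raw     : " + RenderRaw(text));
            Console.WriteLine("encoded : " + RenderEncoded(text));

            // Encoding is reversible, so nothing the user typed is lost.
            string roundTrip = WebUtility.HtmlDecode(WebUtility.HtmlEncode(text));
            Console.WriteLine("lossless: " + (roundTrip == text));

            // Encoding once before storage and again at render double-encodes:
            // the visitor would see "&lt;b&gt;" on screen instead of "<b>".
            string twice = WebUtility.HtmlEncode(WebUtility.HtmlEncode(text));
            Console.WriteLine("twice   : " + twice);
            Console.WriteLine();
        }
    }
}
```

Encoding belongs at every point where the stored value is written into HTML, since with request validation off nothing upstream filters the input.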