www.webdeveloper.com

Thread: How to avoid this?!

  1. #1
    Join Date
    Oct 2005
    Posts
    252

    How to avoid this?!

    When I try to get values with tags, i.e. "<HTML>", "<Script>", from a TextBox, I get this error:

    A potentially dangerous Request.Form value was detected from the client (TextBox="<html></html>").

    Any idea about how to avoid this?!

  2. #2
    Join Date
    Sep 2005
    Posts
    44
    Yep, it's simple.

    Up in the <%@Page... just add this -> validateRequest="false"

    HOWEVER, you do need to realise why this setting restricts you by default.

    Basically, if you allow someone to include their own HTML tags in a given text

    e.g. <b>Words</b>... there's nothing to stop them from doing this:

    <b>Words</b><script>for(i=1;i<=1000;i++){window.open("www.mysite.com")}</script>

    If you wanted to then display it to the screen, you can encode and decode the text to make it display without doing any bad stuff.

  3. #3
    Join Date
    Oct 2005
    Posts
    252
    Well, I found that you must do something else, or if the users typed something like this:
    <script language="javascript">alert('anything')</script>
    it will be executed and won't be saved as text. To avoid this:
    Server.HtmlEncode(TextBox.Text)

  4. #4
    Join Date
    Sep 2005
    Posts
    44
    I don't think the page will even get to the part where it can get the value of a textbox without the validateRequest="false"

  5. #5
    Join Date
    Oct 2005
    Posts
    252
    Sure, what I mean is that you must add this code so as not to execute the tags the user enters.
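
An added example, not part of the thread or any poster's code: a console stand-in for the pattern the replies arrive at, where validateRequest="false" lets raw markup reach the code and the text is HTML-encoded at the point it is displayed. It uses System.Net.WebUtility.HtmlEncode in place of Server.HtmlEncode so it runs outside a page; CommentRenderer and Render are hypothetical names, and the inputs are constructed from the thread's samples.

```csharp
// Added example, not from the thread. Console stand-in for a WebForms page
// that has validateRequest="false" set, so raw markup reaches the code.
using System;
using System.Net;   // WebUtility.HtmlEncode / HtmlDecode (.NET 4.0 and later)

static class CommentRenderer
{
    const string Open = "<div class=\"comment\">";
    const string Close = "</div>";

    // Hypothetical helper: builds the HTML fragment that displays one
    // user-supplied comment. The raw text is stored untouched and is
    // encoded only here, where it is written into an HTML element body.
    public static string Render(string rawComment)
    {
        return Open + WebUtility.HtmlEncode(rawComment) + Close;
    }

    static void Main()
    {
        // Constructed inputs: the two samples from the posts above, plus
        // ordinary text that happens to contain markup characters.
        string[] submitted =
        {
            "<b>Words</b>",
            "<script language=\"javascript\">alert('anything')</script>",
            "1 < 2 && 3 > 2"
        };

        foreach (string raw in submitted)
        {
            string html = Render(raw);

            // Remove the wrapper this code wrote itself; the rest is user data.
            string inner = html.Substring(Open.Length,
                                          html.Length - Open.Length - Close.Length);

            // After encoding, the user data holds no tag delimiters, so the
            // browser shows it as text instead of parsing it as markup.
            bool inert = inner.IndexOf('<') < 0 && inner.IndexOf('>') < 0;

            // Decoding restores the original, e.g. to refill an edit box.
            bool roundTrips = WebUtility.HtmlDecode(inner) == raw;

            Console.WriteLine(html);
            Console.WriteLine("  inert={0} roundTrips={1}", inert, roundTrips);
        }
    }
}
```

This covers text written into an element body, which is the case the thread discusses; values placed in attributes, URLs or script blocks need the encoder for that context.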
