ASP.NET - Potentially dangerous Request.Form value detected

Question

ASP.NET - Potentially dangerous Request.Form value detected

On a Windows 2008 web server, I get the following error when submitting a form with html tags in text fields:

A potentially dangerous Request.Form value was detected from the client (widget $ txtText = "

This is a common mistake, and you correct it either using the ValidateRequest = false page or in the web.config file with the validaterequest = false pages. However, on this particular server, it completely ignores validaterequest = false and throws this exception anyway. Has anyone seen this behavior before and knows what else I can do to prevent this error? I saw this in two web applications now on the same server, this is really strange.

Thanks Justin

+3

asp.net

Justin Jun 23 '10 at 23:04

source share

2 answers

What version of .NET are you using? Page validation works a little differently in .NET 4.

0

Damien dennehy Jun 23 '10 at 23:26

source share

Mike · Accepted Answer · 2010-06-24T11:04:28+0000

I don't know about 3.5, but to fix it in 4.0, use

<httpRuntime requestValidationMode="2.0" />

in your web.config and set the page directive as you said in your question.

ASP.NET - Potentially dangerous Request.Form value detected

More articles: