There is an ASP.NET on my page <asp:TextBox />whose text input is encoded withHttpUtility.HtmlEncode();
The page also has validators, such as <asp:RequiredFieldValidator />and <asp:CustomValidator />, as well as several AJAX tools<toolkit:ValidatorCalloutExtender />
If a user enters </as text in a text field, a Javascript error
A potentially dangerous Request.Form value was detected
from the client (ctl00$contentPlaceHolder$ucLookup$tbxLastName="</")
happens when the form is submitted. I tried to add various event handlers such as
protected void Page_PreInit(object sender, EventArgs e){}
protected void Page_Init(object sender, EventArgs e){}
protected void Page_PreLoad(object sender, EventArgs e){}
and setting breakpoints, but none of them hit, which led me to think that the error occurs only on the client side.
How can I debug this error? Are there any hooks that allow me to intercept user input and filter or encode it before it causes this problem?