A potentially dangerous Request.Form value was detected from the client in ASP.NET WebForms

If we submit HTML-formatted data from a form using a rich text box, or sometimes when we edit an ASP.NET control on the client (e.g. add an item to a drop-down list using JavaScript and then submit the form), we get an error like “A potentially dangerous Request.Form value was detected from the client”.

If we enter some text like <H1>HELLO</H1> in the rich text box, the error appears with the details below.

Server Error in ‘/SampleApplication’ Application.
A potentially dangerous Request.Form value was detected from the client (remarks="<H1>HELLO</H1>")
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Solutions:
This error occurs when HTML-formatted data is submitted from a form. To eliminate it, we need to set ValidateRequest="false" in the @Page line of the web page or in the web.config file.
Note: This setting opens a potential security issue, so be careful when setting it to false. Set it only on the pages that actually need it.

To solve this problem, add ValidateRequest="false" to the @Page line of the web page like this:

WebForms

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" ValidateRequest="false" %>

In this way we set ValidateRequest="false" on each page that requires it. Alternatively, to set it globally so that all pages work without this error, add ValidateRequest="false" to the web.config file under the system.web section like this:

Web.Config 

If you are using .NET 4.0 or above, one more setting is needed in the configuration under the system.web section, like this:

   <httpRuntime requestValidationMode="2.0" />
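
With request validation switched off, the page itself has to check what it accepts, as the error text above recommends. The following code-behind is an added example, not code from the original post: it HTML-encodes the submitted value and then restores only a small allow-list of attribute-free tags. The control IDs remarks (TextBox) and preview (Literal), the Save_Click handler, the tag list and the length limit are assumptions.

```csharp
// Added example, not from the original post. Assumed names: TextBox "remarks",
// Literal "preview", handler Save_Click, the tag allow-list and MaxLength.
using System;
using System.Text;
using System.Web;
using System.Web.UI;

public partial class _Default : Page
{
    // Attribute-free tags that may be rendered as markup; everything else stays text.
    private static readonly string[] AllowedTags = { "h1", "b", "i", "p" };
    private const int MaxLength = 4000; // constructed limit for the sample

    protected void Save_Click(object sender, EventArgs e)
    {
        string raw = remarks.Text ?? string.Empty;
        if (raw.Length > MaxLength)
        {
            preview.Text = "Remarks are too long.";
            return;
        }
        // Encode at the point of output; never write the raw value to the page.
        preview.Text = EncodeWithAllowList(raw);
    }

    public static string EncodeWithAllowList(string input)
    {
        // Step 1: encode everything, so scripts, attributes and event
        // handlers become inert text (&lt;script&gt; ...).
        var html = new StringBuilder(HttpUtility.HtmlEncode(input ?? string.Empty));

        // Step 2: turn back only exact, attribute-free allow-listed tags.
        foreach (string tag in AllowedTags)
        {
            foreach (string name in new[] { tag, tag.ToUpperInvariant() })
            {
                html.Replace("&lt;" + name + "&gt;", "<" + name + ">");
                html.Replace("&lt;/" + name + "&gt;", "</" + name + ">");
            }
        }
        return html.ToString();
    }
}
```

With this in place, <H1>HELLO</H1> renders as a heading, while a script tag or a tag carrying attributes is displayed as literal text.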