Yesterday I was working with self posting form that contained html characters as of a content management implementation using ASP.NET and I came across an error message I’d not seen from any application server. It said:<\/p>\n
“A potentially dangerous Request.Form value was detected from the client..”<\/p>\n
In short, as of ASP.NET 1.1, Microsoft is by default<\/b> not allowing clients to post client script code or HTML to a form. As a developer, you have to either explicitly allow it for a page by including this:<\/p>\n
<%@ Page validateRequest=”false” %><\/p>\n
in your ASP.NET page or by turning it off sitewide in the web.config file:<\/p>\n
<configuration>
\n <system.web>
\n <pages validateRequest=”false” \/>
\n <\/system.web>
\n<\/configuration><\/p>\n
Automatic request validation, in my humble opinion, is pretty nice. Way to go Microsoft. You can read more about this feature<\/a> on the official ASP.NET site<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":" Yesterday I was working with self posting form that contained html characters as of a content management implementation using ASP.NET and I came across an error message I’d not seen from any application server. It said: “A potentially dangerous Request.Form value was detected from the client..” In short, as of ASP.NET 1.1, Microsoft is by … Continue reading ASP.NET Request Validation – Preventing Script Attacks<\/span>