Solution-A potentially dangerous Request. Form value was detected from the client

{0 Comments}

If you are getting above error, then it May possible the user may enter some “<”,”>”, html or JavaScript line of code in the provided text box.  Because asp.net engine detect it as an XSS attempt , in this attempt hackers and programmer enters some html, JavaScript and sql commands in the text box so that to get important value from server machine. To avoid the loss of important server data server throws this error. Dot net automatically changes < into &lt;, > into &gt; and & into &amp;. You can use following JavaScript before post back so check the scripting tag in input provided by the user. This JavaScript will stop entering “<” and “>” in the text box.

 Javascript |  copy code |? 
01
function checkFields() {
02
        var tbs = new Array();
03
        tbs = document.getElementsByTagName("input");
04
        var isValid = true;
05
        for(i=0; i<tbs.length; i++) {
06
            if (tbs(i).type == 'text') {
07
                if (tbs(i).value.indexOf('<') != -1 || tbs(i).value.indexOf('>') != -1) {
08
                    alert('<> symbols not allowed.');
09
                    isValid = false;
10
                }
11
            }
12
        }
13
        return isValid;
14
    }
15

and add this function to your button OnClientClick=”return checkFields()”.

If you want to turn off the validation due to this error generating to experiment some thing then add this [validateinput(false)] to the top of your method. Or simply add

 HTML |  copy code |? 
1
<%@ Page Language="vb" AutoEventWireup="false" CodeBehind="Example.aspx.vb" Inherits="Example.Example" **ValidateRequest="false"** %>

 At the top of .aspx page. This will stop validation to do its work at the runtime. One of the solution to this problem is add <httpRuntime requestValidationMode=”2.0″ /> in the location tag >sytem.web tag of the web.config file.  

Leave a Comment

Your email address will not be published.