Friday, 1 June 2012

Beginning .Net, C# Tips: "A potentially dangerous Request.Form value was detected from the client" error occurred during page postback

Sometimes you get this error when data is posted to the server by a button click or another postback operation.

The error message looks like this:
[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (TextBox1="<a>aaa</a>").]
   System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +8730676
   System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) +122
   System.Web.HttpRequest.get_Form() +114
   System.Web.HttpRequest.get_HasForm() +8896047
   System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +97
   System.Web.UI.Page.DeterminePostBackMode() +69
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +8431
   System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +253
   System.Web.UI.Page.ProcessRequest() +78
   System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21
   System.Web.UI.Page.ProcessRequest(HttpContext context) +49
   ASP.linqtoobject_aspx.ProcessRequest(HttpContext context) in c:\Users\tempuser\AppData\Local\Temp\Temporary ASP.NET Files\sampleapplication\af2e8044\2172ed84\App_Web_pavad1h4.0.cs:0
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +100
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

Error Reason:

ASP.NET performs request validation against form variables, query string and cookie data.
By default, if the current request contains HTML elements (such as <a> or <h1> tags) or HTML character references (like &#151), the ASP.NET page framework raises an error.

For example, take a form with a text field and a server-side button that posts the form data to the server. If the operator types text containing an HTML tag such as <a href="aaa"> in the textbox and clicks the button to post back, ASP.NET raises the request validation error.

There are special configuration settings for .Net 4.0.

There are two possible solutions for this.

Solution 1:
    Change the server-side configuration.
    If you want to allow HTML elements as input on selected pages only, set this attribute in the Page directive of each of those pages:
    <%@ Page ValidateRequest="false" %>
    If you want this for all pages in your project, change the Web.Config file instead.
    Add this tag in the <system.web> section:
    <pages validateRequest="false" />
    If you are using .Net 4.0, you have to make one more change in the Web.Config file.
    Add this tag in the <system.web> section:
    <httpRuntime requestValidationMode="2.0" />

    Here is the configuration that turns off request validation for all pages in .Net 4.0:
    <configuration>
      <system.web>
        <httpRuntime requestValidationMode="2.0" />
        <pages validateRequest="false" />
      </system.web>
    </configuration>
    With request validation turned off, HTML-encode this input (for example with Server.HtmlEncode) whenever it is written back to a page.

Solution 2:
    Make client-side changes.
    Encode HTML tags on the client side before the form is submitted to the server.
    Example:
        &lt;a&gt; for <a> tag.
        &lt;b&gt; for <b> tag.

These are the two possible solutions you can implement in your project.
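
For Solution 2, an added example (not code from the original post): a JavaScript encoder that uses named entities only, checked against a simplified model of the rule that rejects <a> and &#151. The form id "form1" and both function names are assumptions.

```javascript
// Added example. looksDangerous() is a simplified model of the ASP.NET
// request-validation rule, not the framework's own code: it flags "<"
// followed by a letter, "!", "/" or "?", and the sequence "&#".
function looksDangerous(value) {
  return /<[A-Za-z!\/?]|&#/.test(value);
}

// Encode with named entities only. A numeric reference such as "&#39;"
// contains "&#" and would itself be rejected on postback, so the
// apostrophe is deliberately left alone here.
function encodeForPostback(value) {
  return String(value)
    .replace(/&/g, "&amp;")   // must run first so later entities survive
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}

// Browser wiring: encode every text field just before the form posts.
// "form1" is a hypothetical form id; this part is skipped outside a browser.
if (typeof document !== "undefined") {
  var form = document.getElementById("form1");
  if (form) {
    form.addEventListener("submit", function () {
      var fields = form.querySelectorAll("input[type=text], textarea");
      for (var i = 0; i < fields.length; i++) {
        fields[i].value = encodeForPostback(fields[i].value);
      }
    });
  }
}
```

The server receives the encoded text, so call Server.HtmlDecode only where the raw markup is really needed, and keep request validation enabled, since a client can post without running this script.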
