Friday 1 June 2012

Beginning .Net , C# Tips : "A potentially dangerous Request.Form value was detected from the client" Error Occurred during page postback

Sometimes you get this error when data is post on server from click of button or other postback operations.

You got this type of error message:
[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (TextBox1="<a>aaa</a>").]
   System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +8730676
   System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) +122
   System.Web.HttpRequest.get_Form() +114
   System.Web.HttpRequest.get_HasForm() +8896047
   System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +97
   System.Web.UI.Page.DeterminePostBackMode() +69
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +8431
   System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +253
   System.Web.UI.Page.ProcessRequest() +78
   System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21
   System.Web.UI.Page.ProcessRequest(HttpContext context) +49
   ASP.linqtoobject_aspx.ProcessRequest(HttpContext context) in c:\Users\tempuser\AppData\Local\Temp\Temporary ASP.NET Files\sampleapplication\af2e8044\2172ed84\App_Web_pavad1h4.0.cs:0
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +100
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

Error Reason :

ASP.NET do request validation against form variables , query string  and cookie data.
By default, if the current Request contains HTML-encoded elements (such as <a>, <h1> tags) or  HTML characters (Like &#151), the ASP.NET page framework raises an error.

Example , text field in the form and server side button which post this form data to server, if operator typed some text containing html tag such as <a href="aaa"> in textbox and click on button for postback at that time asp.net raise Error for request validation.

There are special configuration settings for .Net 4.0 .

There are two Possible solutions for this.

Solution 1 :
    Make server side configuration setting for this.
    If you want to allow HTML element as input from selected pages in your project than you set this page attribute.
    <%@ Page ValidateRequest="false" %>
    This ValidateRequest="false" on each page.
    If you want in all pages in you project than make changes in Web.Config file.
    Add this tag In <system.web> section.
  <pages validateRequest="false" />
    If you are using .Net 4.0 than you have to make one more change in Web.Config file.
    Add this tag In <system.web> section.
    <httpRuntime requestValidationMode="2.0" />
   
    Here are configuration for do not validate request for all pages in .Net 4.0
    <configuration>
      <system.web>
         <httpRuntime requestValidationMode="2.0" />
      </system.web>
      <pages validateRequest="false">
      </pages>
    </configuration>

Solution 2 :
    Make Client side changes.
    Encode HTML tag at client side before it submitted to server.
    Example :
        &lt;a&gt; for <a> tag.
        &lt;b&gt; for <b> tag.

These are the two possible solutions you can implement in you project.

11 comments:

  1. am getting this issue in my project a potentially dangerous request.form value was detected from the client in asp.net c# am using and in web.config file using

    ReplyDelete
  2. Thank you so much for sharing your brilliant thoughts with us. Visit Ogen Infosystem for creative Website Designing and SEO Services in Delhi, India.
    Website Designing Company in Delhi

    ReplyDelete
  3. Thank you for sharing such informative information with us. If are you searching for Website Designing Company in Hyderabad. So visit.

    ReplyDelete
  4. This comment has been removed by the author.

    ReplyDelete
  5. BIS Certification and Some Important Facts

    Regardless of their country of origin, all producers are required to register for the BIS certification for importing the products into India.
    Each and every product is tested for safety and reliability as per the Indian standard.
    ISI Consultants
    BIS Certification
    ISI Mark Consultants
    BIS Mark Certification
    A local representative in the form of BIS consultant is important to be appointed by foreign producers for getting the BIS certification.
    Once BIS certification is given, a unique registration number is allotted for each manufacturing location of the producer.

    ReplyDelete