开发者

Problem with System.Web.HttpRequestValidationException

开发者 https://www.devze.com 2023-03-25 06:12 出处:网络
I am stuck in the middle of a problem System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client for a week. This occurs due to multiline textb

I am stuck in the middle of a problem System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client for a week. This occurs due to multiline textbox.To solve this I added a property "Validation Request=false" in the header of the page and in web.config page. But it has 开发者_如何学Pythonnot worked. Pls help me out. I want to save <span></span> tag with the help of a multiline textbox into a database. It is during that time this prob occurs. Otherwise it works properly.


Add the following attribute to your httpruntime tag in web.config:

<httpRuntime requestValidationMode="2.0" />

After setting this value, set validateRequest="false" in the pages tag:

<pages validateRequest="false"> 


I think you better encode your html before sending it to the database

Use Server.Encode(YourTextBoxId);

for example if your command is like :

cmd.Parameters.AddWithValue("@htmlcodefromtextbox", TextBox1.Text);

try this instead

cmd.Parameters.AddWithValue("@htmlcodefromtextbox",  Server.Encode(YourTextBoxId));

and if your Command is like:

cmd.Parameters.Add("@htmlcodefromtextbox", SqlDbType.Text).Value = TextBox1.Text;

use this instead

cmd.Parameters.Add("@htmlcodefromtextbox", SqlDbType.Text ).Value =Server.HtmlEncode( TextBox1.Text);

i am Sure this will do finely.


You need to add EnableEventValidation="false" either in the page directive of the afflicted page or in the web.config.

It isn't advised however and enabling it means you should take stringent steps to sanitise the input as much as possible.

Regards

Si

0

精彩评论

暂无评论...
验证码 换一张
取 消