A potentially dangerous Request.Form value was detected from the client (

Question

Possible Duplicate:
A potentially dangerous Request.Form value was detected from the client

I got error messages:

 A potentially dangerous Request.Form value was detected from the client 
 (ctl00$MainContent$textboxError=...

after I run asp.net (C#) web application. how can I fix it?

Here is my code.

using System;
using System.Data;
using System.Configuration;
using System.Web; 
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Net;
using System.Text.RegularExpressions;

namespace SMS
{
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
    textboxRecipient.Width = 400;
    textboxMessage.Width = 450;
    textboxMessage.Rows = 10;
    textboxError.Width = 400;
    textboxError.Rows = 5;

    textboxError.ForeColor = System.Drawing.Color.Red;
    textboxError.Visible = false;
    textboxError.Text = "";

    if (!Page.IsPostBack)
    {
        textboxRecipient.Text = "+85593840396";
        textboxMessage.Text = "Hello World!";
    }
}
protected void buttonSendOnClick(object sender, EventArgs e)
{

    if (textboxRecipient.Text == "")
    {
        textboxError.Text += "Recipient(s) field must not be empty!\n";
        textboxError.Visible = true;
        return;
    }


    string ozSURL = "http://127.0.0.1"; //where Ozeki NG SMS Gateway is running
    string ozSPort = "9501"; //port number where Ozeki NG SMS Gateway is listening
    string ozUser = HttpUtility.UrlEncode("tenh"); //username for successful login
    string ozPassw = HttpUtility.UrlEncode("tenh123"); //user's password
    string ozMessageType = "SMS:TEXT"; //type of message
    string ozRecipients = HttpUtility.UrlEncode(textboxRecipient.Text); 
    string ozMessageData = HttpUtility.UrlEncode(textboxMessage.Text); 

    string createdURL = ozSURL + ":" + ozSPort + "/httpapi" +
        "?action=sendMessage" +
        "&username=" + ozUser +
        "&password=" + ozPassw +
        "&messageType=" + ozMessageType +
        "&recipient=" + ozRecipients +
        "&messageData=" + ozMessageData;

    try
    {

        HttpWebRequest myReq = (HttpWebRequest)WebRequest.Create(createdURL);


        HttpWebResponse myResp = (HttpWebResponse)myReq.GetResponse();
        System.IO.StreamReader respStreamReader=new 

      System.IO.StreamReader(myResp.GetResponseStream());
        string responseString = respStreamReader.ReadToEnd();
        respStreamReader.Close();
        myResp.Close();

        //inform the user
        textboxError.Text = responseString;
        textboxError.Visible = true;
    }
    catch (Exception)
    {

        textboxError.Text = "Ozeki NG SMS Gateway Server is not running!";
        textboxError.Visible = true;
    }

  }
  }
  }

I already add codes below to my web.config :

   validateRequest="false" and requestValidationMode="2.0"

Duplicate of this: http://stackoverflow.com/questions/11825025/a-potentially-dangerous-request-form-value-was-detected-from-the, this: http://stackoverflow.com/questions/11838852/a-potentially-dangerous-request-form-value-was-detected-from-the-client and countless other questions here. You've asked this same question 3 times.. why are you asking the same thing 3 separate times? — Simon Whitehead, Aug 07 '12 at 04:27
@SimonWhitehead I also know that this is a third time but the other questions also does not have accepted answers and no proper solution. — Moons, Aug 07 '12 at 04:33
Does this error occur every time you click the "buttonSend" Button? For the First time also it doesn't work? — shajivk, Aug 07 '12 at 04:37
this error is occur when i click on button Send in second time — Toeur Tenh, Aug 07 '12 at 04:47
@Shree Khanal: i asked this question because it's not work for their answer. — Toeur Tenh, Aug 07 '12 at 04:49
@ToeurTenh The Second time when you click the button, The value "textboxError" is getting posted to the server. Can you use a label to display the "responseString" instead of showing in a textbox? Or can you use Javascript to Clear the value of the textbox before posting? — shajivk, Aug 07 '12 at 05:45

Waqar Janjua · Accepted Answer · 2012-08-07T05:10:54.347

2

Don't know why validateRequest="false" is not working. Error Reason: Because you are getting data from a web page which contains Html tags and textbox text property does not allow to assign html strings to it, so you have to use a method which converts html tags to their equivalent code. Use HTML.Encode Method while assigning responseString to the textboxError.Text. This method converts potentially unsafe characters to their HTML-encoded equivalent.

textboxError.Text = Server.HTMLEncode(responseString);

edited Aug 07 '12 at 05:10

answered Aug 07 '12 at 05:03

Waqar Janjua

6,113
2
26
36

thanks for your nice answer. but after i used textboxError.Text = Server.HTMLEncode(responseString); i got error codes like this <Responses><Response0><Action>sendMessage</Action><Data><AcceptReport><StatusCode>0</StatusCode><StatusText>Message accepted for delivery</StatusText><MessageID>03a22ae5-e604-4fb6-9670-336294905a9d</MessageID><Recipient>+85593840396< i used HTML.Encode only on textboxError.Text = Server.HTMLEncode(responseString); – Toeur Tenh Aug 07 '12 at 07:17
this method converts html tags to their corresponding codes see the msdn documentation. http://msdn.microsoft.com/en-us/library/ms525347%28v=vs.90%29.aspx Also you can use Regex to remove html tags. `String result = Regex.Replace(responseString, @"<[^>]*>", String.Empty);` for more info http://stackoverflow.com/questions/787932/using-c-sharp-regular-expressions-to-remove-html-tags – Waqar Janjua Aug 07 '12 at 10:26
also you can use asp:literal control instead of text like this `` Then you dont have to use Html.Encode method or rejex to remove html. read more about it on msdn – Waqar Janjua Aug 07 '12 at 10:35
i used String result = Regex.Replace(responseString, @"<[^>]*>", String.Empty); to remove html tage after i got this error: sendMessage0Message accepted for delivery75d9c6f1-515f-43f6-9b7b-5c2482ce95e8+85568922903. what is problem? – Toeur Tenh Aug 08 '12 at 08:45
they don't tell about line. this error alert when i click on send button – Toeur Tenh Aug 08 '12 at 11:02
if use aspliteral control then you don't have to use regex try it. I'm sure it will work, take an example from msdn – Waqar Janjua Aug 08 '12 at 11:03
i did not used asp:literal. i normally just used asp.net control, so? – Toeur Tenh Aug 09 '12 at 01:43
if i used asp:literal , should i used HTML Encode? – Toeur Tenh Aug 09 '12 at 01:46
when i run my web application it display this (sendMessage ) so i want to encode this, how can i do? – Toeur Tenh Aug 09 '12 at 01:54
if you use asp:literal control then you don't have to use Html.Encode function. – Waqar Janjua Aug 09 '12 at 13:28
Thanks for all your answer. now i want to asked one more question. How to get Panasonic Camera IP in asp.net (C#)? – Toeur Tenh Aug 13 '12 at 02:08
plz post a new question. – Waqar Janjua Aug 13 '12 at 06:10
in this account i can not post new question. i don't know why. Sorry, we are no longer accepting questions from this account. See http://goo.gl/C1Kwu to learn more. – Toeur Tenh Aug 16 '12 at 02:08

A potentially dangerous Request.Form value was detected from the client (

1 Answers1

Linked