0

I am implementing a code snippet uploading feature in my website. I have replaced a textarea with CodeMirror. I plan to let users upload any code including asp.net, javascript, html, css, etc.. I know that this can be a really big security flaw.

It gives me this exception when I submit the form with any code inside the textarea:

HttpRequestValidationException was unhandled by user code.
A potentially dangerous Request.Form value was detected from the client.

I have used Html.Encode(Request.Form("mytextareaname")); to encode the snippet, but the error persists.

Basically I'd like to let users upload their code, but the site should by no way try to execute it. Maybe comment it out?

How can I achieve this?

PeterInvincible
  • 2,230
  • 5
  • 34
  • 62
  • Possible duplicate of: http://stackoverflow.com/questions/81991/, http://stackoverflow.com/questions/2955364/, http://stackoverflow.com/questions/7614978/ and http://stackoverflow.com/questions/1455528/ – David Feb 10 '13 at 22:55
  • Thanks for showing, but all those questions are about MVC, mine is about Web Pages (razor)! – PeterInvincible Feb 10 '13 at 23:02
  • It's the same solution: here is the explanation in detail: http://jwwishart.wordpress.com/2009/09/29/a-potentially-dangerous-request-form-value-was-detected-from-the-client-in-asp-net-webforms-and-mvc/ – David Feb 11 '13 at 10:10

0 Answers0