0

The parameters contain some format information like bold, italic and etc. It turns out that this is prohibited.

there is this text editor and a button. once we click the button, we would pass the text to the server side and save it in the database.

here is the error information:

A potentially dangerous Request.QueryString value was detected from the client (text="efh<b>esy</b>ytry").

Description: ASP.NET has detected data in the request that is potentially dangerous because it might include HTML markup or script. The data might represent an attempt to compromise the security of your application, such as a cross-site scripting attack. If this type of input is appropriate in your application, you can include code in a web page to explicitly allow it. For more information, see http://go.microsoft.com/fwlink/?LinkID=212874.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.QueryString value was detected from the client (text="efh<b>esy</b>ytry").

how to solve this issue?

Community
  • 1
  • 1
  • 1
    `If this type of input is appropriate in your application, you can include code in a web page to explicitly allow it. For more information, see` http://go.microsoft.com/fwlink/?LinkID=212874. ... Did you read that link? – SLaks Apr 22 '13 at 19:38
  • Why do you need to pass HTML in the querystring? – MikeSmithDev Apr 22 '13 at 19:41

1 Answers1

2

Try:

<system.web>
    <compilation debug="true" targetFramework="4.0" />
    <httpRuntime requestValidationMode="2.0" />
    <pages validateRequest="false" />
</system.web>

Reference: ValidateRequest="false" doesn't work in Asp.Net 4

Community
  • 1
  • 1
Ian
  • 50,146
  • 13
  • 101
  • 111