I have a website and someone (every time the same) is trying to send me a message through a textbox (he adds some html code where he shouldn't) and the error is raised.

Unfortunately, all I can get are messages like this one ="...chemistry http://cra..." so there is no way that I can understand what he is trying to tell me.

My question is: how can I expand that text character length limit or handle my own error so I can get the whole message?

ssilas777
Nițu Alexandru
  • http://stackoverflow.com/questions/9130186/a-potentially-dangerous-request-form-value-was-detected-from-the-client – ssilas777 Jan 18 '14 at 10:07
  • Not the same. I want the error to appear, but I want to know what the request is (basically the text entered in the textbox). – Nițu Alexandru Jan 18 '14 at 10:16

1 Answer

In your Global.asax, put an Application_Error event handler in to catch all errors that occur, which should include this one.

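void Application_Error(object sender, EventArgs e)
{
   // Fetch the exception that caused this handler to run
   var ex = Server.GetLastError();
   if (ex != null)
   {
      // Log it (Trace is used here; substitute your own logger)
      System.Diagnostics.Trace.TraceError(ex.ToString());
   }
}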
Brian Mains
  • This is the current code, but the error message is like this: A potentially dangerous Request.Form value was detected from the client (ctl00$ctl00$ContentPlaceHolder1$hdnMessage="...chemistry – Nițu Alexandru Jan 18 '14 at 15:53
  • OK, if hdnMessage contains a `<`, that will do it. It's quite possible for two reasons, there is some HTML getting injected into the hidden (which can be intended or not) or the HTML is not formed properly and an end tag is missing, which is including the ` – Brian Mains Jan 20 '14 at 00:40
  • The HTML text is injected and is intended. It is a message, so I am curious about what it is. It is injection indeed and the error should be displayed, but I would like to know the HTML text which is injected. Thank you! – Nițu Alexandru Jan 28 '14 at 17:29
  • It won't tell you which HTML text, unfortunately. And you can check the Request.Form collection, but that might not have the suspect value. That can be the challenge with ASP.NET; they have all these features to "help" you, but they don't always help you. – Brian Mains Jan 29 '14 at 13:48
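
One way to record the full rejected value while still letting the error surface, as an added example that is not part of the question or the answer above. It assumes ASP.NET 4.5 or later (for Request.Unvalidated); the class name Global and the MaxLoggedChars cap are hypothetical.

```csharp
using System;
using System.Diagnostics;
using System.Web;

// Hypothetical code-behind class for Global.asax; use your application's own class name.
public class Global : HttpApplication
{
    // Constructed cap on logged characters per field; tune it to your log storage.
    private const int MaxLoggedChars = 4096;

    protected void Application_Error(object sender, EventArgs e)
    {
        // Act only on request-validation failures; other errors follow the normal path.
        var ex = Server.GetLastError() as HttpRequestValidationException;
        if (ex == null)
        {
            return;
        }

        // Request.Unvalidated (ASP.NET 4.5+) exposes the posted values without
        // re-running request validation, so reading them here does not throw again.
        var form = Request.Unvalidated.Form;
        foreach (string key in form.AllKeys)
        {
            // The exception message names the rejected field as (name="..."), so log
            // only that field and leave passwords and other inputs out of the log.
            if (key == null || !ex.Message.Contains("(" + key + "="))
            {
                continue;
            }

            string raw = form[key] ?? string.Empty;
            string shown = raw.Length > MaxLoggedChars ? raw.Substring(0, MaxLoggedChars) : raw;

            // Escape line breaks so the value cannot forge extra log entries, then
            // HTML-encode it so a browser-based log viewer shows the markup as text.
            shown = HttpUtility.HtmlEncode(shown.Replace("\r", "\\r").Replace("\n", "\\n"));

            Trace.TraceWarning("Request validation rejected field {0} from {1} ({2} chars): {3}",
                key, Request.UserHostAddress, raw.Length, shown);
        }

        // Server.ClearError() is deliberately not called: the error page still appears.
    }
}
```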