0

I am creating an ASP.NET application using C# for the scripting language. When I enter HTML code into the textboxes on my webpage I get the following exception 'A potentially dangerous Request.Form value was detected', as expected. I would like to be able to catch this exception so that I can put an error message out to the user, but I can only find articles on how to disable the validation; this is not something I'd like to do. Does anybody know where in the ASP.NET page lifecycle this exception would have to be handled, as I am having trouble catching it.

Thank you.

Lord Cat
  • 401
  • 4
  • 13

2 Answers

0

To allow HTML characters, you need to change the attribute value of the page directive: <%@ Page ValidateRequest="false" %>. You can also apply this at the global level via the web.config file, inside the <system.web> section:

<pages validateRequest="false" />  

Note: But always avoid the last example because there is a huge security issue. The request validation feature in ASP.NET provides a certain level of default protection against cross-site scripting (XSS) attacks.

Pankaj Dey
  • 64
  • 3
0

I don't know 100% if this would work, but I do something similar for other situations, so I think it will. Try adding an Application_Error handler in global.asax and look for that exception type; if Server.GetLastError() returns that exception type, try redirecting to your error page. I don't know what the exception type is, but that is easy to find (or just check the message).

Something like:

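void Application_Error(object sender, EventArgs e)
{
   // Last unhandled exception raised while processing this request
   var ex = Server.GetLastError();
   // ASP.NET request validation failures are System.Web.HttpRequestValidationException
   if (ex != null && ex is HttpRequestValidationException) { // or check ex.Message matches
     HttpContext.Current.Response.Redirect("niceerrorpage.aspx");
   }
}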
Brian Mains
  • 50,520
  • 35
  • 148
  • 257
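
A fuller version of the Application_Error approach from the answer above, added here as an example and not code from either answerer. It keeps request validation enabled, also matches the exception when it arrives wrapped in another exception, and sends the user to a friendly page without echoing the rejected input. The `FindInChain` helper and the `reason` query-string key are hypothetical names; `niceerrorpage.aspx` is the page name used in the answer.

```csharp
// Global.asax.cs (added example; helper name and query-string key are assumptions)
using System;
using System.Diagnostics;
using System.Web;

public class Global : HttpApplication
{
    // Walk the InnerException chain, in case the runtime hands
    // Application_Error a wrapper such as HttpUnhandledException.
    private static T FindInChain<T>(Exception ex) where T : Exception
    {
        for (Exception cur = ex; cur != null; cur = cur.InnerException)
        {
            T match = cur as T;
            if (match != null) return match;
        }
        return null;
    }

    protected void Application_Error(object sender, EventArgs e)
    {
        var rejected = FindInChain<HttpRequestValidationException>(Server.GetLastError());
        if (rejected == null) return;   // every other error goes through the normal error handling

        // Record where the rejection happened, but not the rejected value itself.
        Trace.TraceWarning("Request validation rejected input: page={0} client={1}",
            Request.FilePath, Request.UserHostAddress);

        // Mark the error as handled so the default error page is not rendered.
        Server.ClearError();

        // endResponse: false avoids the ThreadAbortException that Redirect raises otherwise;
        // CompleteRequest() then skips the rest of the pipeline for this request.
        // The query string is a constant, so nothing from the rejected request is reflected.
        Response.Redirect("~/niceerrorpage.aspx?reason=invalid-input", false);
        CompleteRequest();
    }
}
```

The error page should show a fixed message keyed on `reason` and never render the submitted form values back to the user.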