I have a textarea in my web page. When I type "Test&#" as a word and save, it's giving me an error "Internal server error occurred". This issue occurs only when I type "&#" together.
-
What did your debugger tell you? (assuming you have it set to stop on all exceptions) – Rowland Shaw Mar 26 '14 at 12:49
-
There is no way to answer without seeing the server-side code that fails. `&#` can start an HTML entity, so it might be the symptom of the problem, but the root cause lies in your code. – Frédéric Hamidi Mar 26 '14 at 12:49
-
It will not come to the server side – Mathew Paul Mar 26 '14 at 12:50
-
When I searched the event log I found the following message: "Message: A potentially dangerous Request.Form value was detected from the client (m$cm$xg$ctl38$ctl00="")." – Mathew Paul Mar 26 '14 at 12:51
-
The web server might be rejecting the request because it contains an incomplete (and unparseable) numeric HTML entity, then. *Edit: from your previous comment, that's exactly what's happening.* – Frédéric Hamidi Mar 26 '14 at 12:51
-
@FrédéricHamidi I didn't understand "unparseable"; it's simply a string, right? – Mathew Paul Mar 26 '14 at 13:35
-
@Mathew, yes, but it should be of the form `&#number;`, so the lack of a number may prevent the server from parsing the entity correctly. However, maybe that's only the request validation routines that don't like one of the characters, I would suggest investigating with the `ValidateRequest` page attribute described [here](http://msdn.microsoft.com/en-us/library/vstudio/ydy4x04a%28v=vs.100%29.aspx). – Frédéric Hamidi Mar 26 '14 at 13:41
-
For me it is simply a string that contains `&#` in it. Can this be solved in any manner? – Mathew Paul Mar 26 '14 at 13:50
1 Answer
This is "request validation" kicking in. See https://stackoverflow.com/a/7615149/59641 for a workaround.
Note: please take care that you're always validating the input yourself to make sure it meets your business logic, and always encode it appropriately before displaying it in a page or otherwise transmitting it to the user.
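Why only `&#` together trips request validation, and what the note above asks for once that check is relaxed, shown as an added example that is not part of the original answer or of ASP.NET's own source. `LooksDangerous` is a simplified model of the .NET Framework form-value check, and `IsAcceptableComment` with its 2000-character limit is a hypothetical business rule.

```csharp
using System;
using System.Net;

static class RequestValidationDemo
{
    // Simplified model of the rule ASP.NET request validation applies to form
    // values: '<' followed by a letter, '!', '/' or '?', or '&' followed by '#'.
    static bool LooksDangerous(string s)
    {
        for (int i = 0; i + 1 < s.Length; i++)
        {
            char next = s[i + 1];
            if (s[i] == '&' && next == '#') return true;
            if (s[i] == '<' && (IsAsciiLetter(next) || next == '!' || next == '/' || next == '?'))
                return true;
        }
        return false;
    }

    static bool IsAsciiLetter(char c) => (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');

    // Hypothetical business rule for the textarea: bounded length and no
    // control characters other than tab, CR and LF.
    static bool IsAcceptableComment(string s)
    {
        if (s.Length == 0 || s.Length > 2000) return false;
        foreach (char c in s)
            if (char.IsControl(c) && c != '\t' && c != '\r' && c != '\n') return false;
        return true;
    }

    static void Main()
    {
        // Constructed sample inputs, including the string from the question.
        string[] samples = { "Test&#", "Test&", "AT&T #1", "a < b", "<b>bold</b>" };
        foreach (string s in samples)
        {
            // HtmlEncode is what makes the stored text safe to render later,
            // whether or not request validation let it through.
            Console.WriteLine("{0,-14} flagged={1,-5} acceptable={2,-5} encoded={3}",
                s, LooksDangerous(s), IsAcceptableComment(s), WebUtility.HtmlEncode(s));
        }
    }
}
```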