0

Webform1.aspx has grid.Grid contain edit button. On click of edit button, user is redirected to webform2.aspx page. A Querystring id is passed to Webform2.aspx. Webform2.aspx shows all data of that id. Webform contain dropdownlist, textboxes and button etc.

I am fetching record from database and assigning to control like dropdownlist, textbox and button. When assigning value to textbox that contain < or > and trying to update the record. It throws an exception. Exception is A potentially dangerous Request.Form value was detected from the client. So I tried to use htmlencode method.

Below is my code In cs file 

 public partial class Webform1 : System.Web.UI.Page
    {
     string strUrl="";
    protected void Page_Load(object sender, EventArgs e)
    {

    // Fetching value from database and assigning to string   
    Textbox1.Text= dr["URL"].ToString();
    // directly use string 
   //strUrl= dr["URL"].ToString();
    }

    protected void button_Click(object sender, EventArgs e)  
    {
    string s2 ="";  
    string s3 = "";             
    strUrl= Textbox1.Text;                   
         if ((strUrl.Contains("<")) || (strUrl.Contains(">")))
         {
           s2 = Server.HtmlEncode("<");
           s3 = Server.HtmlEncode(">");
           strUrl= strPingUrl.Replace("<", s2);
           strUrl= strPingUrl.Replace(">", s3);                                    
       }
     Textbox1.Text =strUrl; 
    // updation code

When I will try to insert it throws exception.Instead of assigning value to textbox if i use string.It is working. I am able to update the record. But I don't want like this. User can change the value in textbox. So I want to take value from textbox.

Ravimallya
  • 6,550
  • 2
  • 41
  • 75
Jui Test
  • 2,399
  • 14
  • 49
  • 76
  • Did you check this? http://stackoverflow.com/questions/81991/a-potentially-dangerous-request-form-value-was-detected-from-the-client?rq=1 – Ravimallya Mar 25 '15 at 05:34
  • Yes I visited that page.I don't want use this code. – Jui Test Mar 25 '15 at 05:39
  • Try http://www.codeproject.com/Tips/423413/Submit-HTML-Text-with-Page-Validation-Turned-On – Amit Mar 25 '15 at 06:13
  • I have one suggestion. Use Webmethod/webservice and jquery ajax to submit the data with plain html form elements. However, I'm still unsure whether this will also encounter similar issue or not. I have not tried. – Ravimallya Mar 25 '15 at 09:21

1 Answers1

-1

To disable request validation on a page you must set the validateRequest attribute of the Page directive to false:

<%@ Page validateRequest="false" %>

To disable request validation for your application, you must modify or create a Web.config file for your application and set the validateRequest attribute of the section to false:

<configuration>
   <system.web>
      <pages validateRequest="false" />
   </system.web>
</configuration>

If you wish to disable request validation for all applications on your server, you can make this modification to your Machine.config file.

In .NET 4 you may need to add to web.config: 

 <httpRuntime requestValidationMode="2.0" />

Details:

  1. http://www.asp.net/whitepapers/request-validation
  2. http://www.asp.net/whitepapers/aspnet4/breaking-changes#0.1__Toc245724857
Yuriy A.
  • 750
  • 3
  • 19