ASP.NET Javascript Error on Input

Question

My ASP.NET page has an <asp:TextBox /> whose text input is encoded via HttpUtility.HtmlEncode();

The page also contains validators such as <asp:RequiredFieldValidator /> and <asp:CustomValidator /> as well as several AJAX toolkit <toolkit:ValidatorCalloutExtender />

If the user inputs </ as the text in the textbox, a Javascript error

A potentially dangerous Request.Form value was detected
from the client (ctl00$contentPlaceHolder$ucLookup$tbxLastName=&quot;&lt;/&quot;)

happens when the form is submitted. I have tried adding various event handlers such as

protected void Page_PreInit(object sender, EventArgs e){}
protected void Page_Init(object sender, EventArgs e){}
protected void Page_PreLoad(object sender, EventArgs e){}

and setting breakpoints but none of them are hit, leading me to believe the error only happens client-side.

How can I debug this error? Are there any hooks which allow me to intercept the user's input and filter or encode it before it causes this issue?

If its javascript error, then try using firebug in firefox browser to debug the javascript or if its in internet explorer, under settings -> advanced, uncheck the Disable javascript debugging option. You should hit the error in javascript where it throws. — Sachin Shanbhag, Sep 14 '10 at 17:08
Thanks. Using firebug, the error is: A potentially dangerous Request.Form value was detected from the client (ctl00$contentPlaceHolder$ucLookup$tbxLastName="</"). Any ideas on how to intercept the input before it attempts to validate on the client-side? Specifically I'd rather not set validateRequest="false" on all my pages... — Alex, Sep 14 '10 at 17:13

score 1 · Accepted Answer · edited May 23 '17 at 12:18

1

Try checking out the suggestions in this thread: A potentially dangerous Request.Form value was detected from the client

edited May 23 '17 at 12:18

Community

1
1

answered Sep 14 '10 at 17:23

Mike Hofer

16,477
11
74
110

score 0 · Answer 2 · answered Sep 14 '10 at 17:39

0

For this Potentially dangerous error, you can do the following and see if it helps -

Add the line: <pages validateRequest="false" /> inside the <system.web> section

answered Sep 14 '10 at 17:39

Sachin Shanbhag

54,530
11
89
103

Per a comment above, is there a way to do this without setting validateRequest="false"? Is there a hook that fires before the validation occurs that I can intercept? – Alex Sep 14 '10 at 18:49

ASP.NET Javascript Error on Input

2 Answers2