My site is half MVC and half webforms, and if someone tries to pass a malicious URL to my site they get a YSOD with an HttpRequestValidationException being thrown. I'd love to catch this and handle it gracefully by using Application_Error() in Global.asax.cs, since that is the standard that has already been set in this app. For whatever reason, though, these particular exceptions seem to fire off before Application_Error() can get a hold of them.

Any help is appreciated.

example malicious URL: localhost/site/user/login?foo=<bar></bar>

Charles
  • Those errors come from high up in the pipeline and form part of the protection from XSS. You can look here for some examples of how it can be dealt with. However, since it is on the URL, your mileage may vary. https://stackoverflow.com/questions/81991/a-potentially-dangerous-request-form-value-was-detected-from-the-client – Slicksim Jul 21 '17 at 15:13
  • @Slicksim Yeah, that's kind of what I've been reading on; _apparently_ these errors are supposed to filter down to the application_error() but they aren't for me. I'll keep poking around those answers though, thanks for the reference. – Charles Jul 21 '17 at 15:19

0 Answers