1

I have a textbox which I need to enter html code into (like < strong> or < em> for example).

The trouble is this is causing an error writing this back to the database.

A potentially dangerous Request.Form value was detected from the client (tbVOther="< strong>test

Is there a way around this without turning off the request validation setting?

abatishchev
  • 98,240
  • 88
  • 296
  • 433
Tom
  • 12,776
  • 48
  • 145
  • 240
  • 1
    possible duplicate of [A potentially dangerous Request.Form value was detected from the client ](http://stackoverflow.com/questions/81991/a-potentially-dangerous-request-form-value-was-detected-from-the-client) – Graham Clark Jan 19 '11 at 13:08
  • I would agree its a duplicate. – Peter Jan 19 '11 at 14:57
  • Yeah, I searched for the wrong thing... Should have searched for the actual error message I got. – Tom Jan 19 '11 at 15:29

3 Answers3

1

It might be easier sanitising the input via Javascript replacing the offending characters with safe ones i.e replacing <> with ^ instead

Dean
  • 5,896
  • 12
  • 58
  • 95
1

At the top of your page you'll need to set the following property:

 <%@ Page ValidateRequest="false" etc.... %>

Validate Request will make sure that these values can be posted back to the server. But keep in mind that there are reasons why this is set to true by defailt and you should be careful to make sure people can't submit javascript functions/calls, etc... through your editor.

Peter
  • 9,643
  • 6
  • 61
  • 108
0

There is a server setting to prevent posting of HTML that need to be switched of for this to work, I do not remebre where though.

Just make sure that you do correct sanitisation on your own before admitting to the database ;)

David Mårtensson
  • 7,550
  • 4
  • 31
  • 47