4

so I've been running into some problems where in various parts of my website I'm developing, I'm displaying some logs that contain < and > symbols in various spots. Well when I display the log it works fine. Of course anytime I navigate away I get an error of:

A potentially dangerous Request.Form value was detected from the client ...

Now I understand it's because < and > are html special characters which I get. But, is there any way to disable or somehow allow the page to display / process those? I know I could strip those characters out of anyplace they may appear, but I'd rather not if I don't have to.

Any suggestions?

John Saunders
  • 160,644
  • 26
  • 247
  • 397
Seril
  • 499
  • 4
  • 9
  • 22

4 Answers4

5

You didn't post any code, so I will assume you want something along the lines of:

<textbox><</textbox>

It's simple really, HTML encode your content:

<textbox>&lt;</textbox>

You can use HttpUtility.HtmlEncode to do this.

zzzzBov
  • 174,988
  • 54
  • 320
  • 367
2

Replace ">" with "&gt;" and "<" with "&lt;"

Read this see a list of HTMLs special entities

acermate433s
  • 2,514
  • 4
  • 24
  • 32
0

If you simply want your web application to allow form input to contain potentially dangerous characters there are a few ways to do this depending on framework. I mostly use MVC myself, where you use the [ValidateInput(false)] attribute on your controller actions.

For WebForms, I'll direct you here instead.. http://msdn.microsoft.com/en-us/library/ie/bt244wbb.aspx :)

Anders Arpi
  • 8,277
  • 3
  • 33
  • 49
0

to answer your question put ValidateRequest="false" in <%@Page...

be careful, as you are now responsible for prevent script attacks

favo
  • 5,426
  • 9
  • 42
  • 61
peroija
  • 1,982
  • 4
  • 21
  • 37