I have an ASP.NET form (runat=server).

I'm trying to figure out what the difference is between HTML entities and ISO Latin-1 codes, and why one does cause an exception while the other doesn't.

I have an input and a button:

     <input type="text"   value="<d"/>
     <asp:Button ID="s" runat="server" Text="press" />

When I press submit, it throws an exception, which is fine.

One way to solve it is with encodeURIComponent:

so putting the value:

     value="%3Cd"/>

is fine, and there is no exception on submit.

Also, as we know, if I put &gt; or &lt; (which are HTML entities) it won't throw an exception. (They have another role in the HTML world: to DISPLAY '<' and '>' and not try to parse them as HTML...)

(No exception, except on the second press, because when it comes back from the server the textbox shows <d, which is bad...)

Now let's go to the ISO Latin-1 codes, like here.

Now let's try to put &#60;d instead of <d:

and it goes bang!

1) Why do I get an exception with the Latin code and not with the HTML entity?

2) What is the difference between them?

3) When should I use one or the other?

Edit

I know I can disable the checking by setting validateRequest = false, but my questions are not related to this.

Royi Namir
  • Related question: http://stackoverflow.com/questions/81991/a-potentially-dangerous-request-form-value-was-detected-from-the-client – Anthony Faull Feb 29 '12 at 21:06
  • @AnthonyFaull Are you serious? I know this command, but my question is so detailed, and your link won't give much help... :) – Royi Namir Feb 29 '12 at 21:07

1 Answer

Your Latin example contains &#. Those are exactly the characters which trigger a validation error; see "What characters or character combinations are invalid when ValidateRequest is set to true?". So no surprise here.

Tomas Voracek
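
An added example, not part of the question or the answer and not the framework's own code: a small C# sketch of the kind of pattern check the answer refers to, run over the four values tried in the question. The rule set (`<` followed by a letter, `!`, `/` or `?`, and `&` followed by `#`) is an assumption about how .NET 4.x request validation behaves, and the class and method names are hypothetical.

```csharp
using System;

// Added illustration: a simplified re-creation of the check that
// ValidateRequest is assumed to perform. Not the framework's source.
static class RequestValidationSketch
{
    // Returns the index of the first rejected pattern, or -1 if none.
    public static int FindDangerousIndex(string s)
    {
        if (string.IsNullOrEmpty(s)) return -1;

        // Every rule looks at a pair of characters, so stop one short.
        for (int i = 0; i < s.Length - 1; i++)
        {
            char c = s[i], next = s[i + 1];

            // '<' followed by a letter, '!', '/' or '?' looks like markup.
            if (c == '<' && (IsAsciiLetter(next) || next == '!' ||
                             next == '/' || next == '?'))
                return i;

            // '&' followed by '#' looks like a numeric character reference.
            if (c == '&' && next == '#')
                return i;
        }
        return -1;
    }

    static bool IsAsciiLetter(char c) =>
        (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');

    static void Main()
    {
        // The four values from the question.
        string[] inputs = { "<d", "%3Cd", "&lt;d", "&#60;d" };
        foreach (string value in inputs)
        {
            int at = FindDangerousIndex(value);
            Console.WriteLine("{0,-8} {1}", value,
                at < 0 ? "accepted" : "rejected at index " + at);
        }
    }
}
```

Under these rules `<d` and `&#60;d` are rejected while `%3Cd` and `&lt;d` pass, which matches what the question observed. Passing this check does not make a value safe to echo back: as the question notes, `&lt;d` comes back from the server as `<d`, so output still has to be HTML-encoded when it is rendered.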