Friday, August 17, 2007

A potentially dangerous Request.Form value was detected from the client

It means that you can't post values containing HTML ( or script ) tags to the server. In other words - if you have a textbox and the visitor enters something like
< script> alert('a') < "/ script> and then presses Submit button this error will occur since the posted value(s) contains HTML tags.,it's for security reasons.to prevent this you can add a tag validateRequest="false" into the Page-directive on top of the page you want users to be able to input HTML and script tag or you can write in the web.config fileit will affect all pages on your site.You can read more at ASP.Net site.

4 comments:

Anonymous said...

<"/script>

we dont put inverted comma here :P

Arshad Rasheed said...

ya right..we dont put " in the script tag. i wrote it in my post because wihout this the script was executing here :), it ws not handeld properly by the blogger.com

Prasad Gurla said...
This comment has been removed by the author.
Prasad Gurla said...

but remember that if you turn validation off and use labels instead of literal controls to display text…it could be a security problem and code could be executed through textboxes. More explained here.

prasad.