< script> alert('a') < "/ script> and then presses Submit button this error will occur since the posted value(s) contains HTML tags.,it's for security reasons.to prevent this you can add a tag validateRequest="false" into the Page-directive on top of the page you want users to be able to input HTML and script tag or you can write in the web.config file
Friday, August 17, 2007
A potentially dangerous Request.Form value was detected from the client
It means that you can't post values containing HTML ( or script ) tags to the server. In other words - if you have a textbox and the visitor enters something like
< script> alert('a') < "/ script> and then presses Submit button this error will occur since the posted value(s) contains HTML tags.,it's for security reasons.to prevent this you can add a tag validateRequest="false" into the Page-directive on top of the page you want users to be able to input HTML and script tag or you can write in the web.config file
< script> alert('a') < "/ script> and then presses Submit button this error will occur since the posted value(s) contains HTML tags.,it's for security reasons.to prevent this you can add a tag validateRequest="false" into the Page-directive on top of the page you want users to be able to input HTML and script tag or you can write in the web.config file
Subscribe to:
Post Comments (Atom)
4 comments:
<"/script>
we dont put inverted comma here :P
ya right..we dont put " in the script tag. i wrote it in my post because wihout this the script was executing here :), it ws not handeld properly by the blogger.com
but remember that if you turn validation off and use labels instead of literal controls to display text…it could be a security problem and code could be executed through textboxes. More explained here.
prasad.
Post a Comment