asp.net "potentially dangerous Request.Form value detected from client" error solution _ Practical Tips

When submitting a form, ASP.net prompts: "From the client (...) A potentially dangerous request.form value was detected in the. The request validation feature in ASP.net provides a level of protection against XSS attacks, and ASP.net request validation is initiated by default.

Here are the solutions for different versions of. Net.

ASP.net 2.0 Usual solution

Programme I:

Add validaterequest= "false" to the page item in the. aspx file as follows:

<%@ Page validaterequest= "false" language= "C #" autoeventwireup= "true" codefile= "Test2.aspx.cs" inherits= "test2"% >

Programme II:

modifying Web.config configuration Files

<system.web>
<pages validaterequest= "false" >
</pages>
</system.web>

Summary:validaterequest This sentence we know is to turn off validation, that is, to submit a tag, such as <strong> bold </strong> such values, asp.net will not report an error. The use of scenario one is recommended here, as the scheme one modifies the Test.aspx page, and if you use scenario two, the entire solution becomes validaterequest= "false".

ASP.net 4.0 Solutions

4.0 and 2.0 are the same, but note that starting with the. Net Framework 4.0, ASP.net begins to force the detection of request parameter security, and we can restore the 2.0 version of the schema by modifying the web.config.

The method is as follows:

Modify Web.config to increase requestvalidationmode= "2.0" property value

<system.web>
<pages validaterequest= "false" ></pages>
</system.web>

What does it mean to have one more Requestvalidationmode in 4.0?

Requestvalidationmode has two values:

2.0 enable request verification only for Web pages. Whether it is enabled or closed depends on the validaterequest.
4.0 default values. Any HTTP request will enable request verification, which means not just a Web page, but also cookies. The force is enabled at this time, regardless of the validaterequest value.
Since requestvalidationmode= "4.0" is mandatory, we will find that only the set validaterequest is not turned off for request validation in. NET Framework 4.0. You also have to set the Requestvalidationmode to 2.0.

The above is to tell you how to solve the asp.net "from the client detected a potentially dangerous request.form value" of the wrong way, hoping to help everyone, small series will be very happy.