When submitting a form, the asp: "From the client (...) Potentially dangerous Request.Form value "is detected in the The request validation feature in ASP. NET provides a level of protection against XSS attacks, and ASP. NET request validation is initiated by default. This gives a workaround for each version of. Net.
ASP. NET 2.0 Common workaround
Programme one:
Add the page item in the. aspx file validaterequest= "false", as follows:
<%@ page validaterequest= "false" language= "C #" autoeventwireup= "true" codefile= "Test2.aspx.cs" inherits= "test2"% >
Scenario Two:
Modify the Web. config configuration file
<system.web> <pages validaterequest= "false" > </pages> </system.web>
Summary: validaterequest This sentence we know is to close the validation, that is, to submit tagged, such as <strong> bold </strong> such values, ASP. It is recommended to use scenario one because the scheme modifies the Test.aspx page only, and if you use scenario two, the entire solution becomes validaterequest= "false".
ASP. NET 4.0 Workaround
4.0 and 2.0 are the same, but it is important to note that starting with the. Net Framework 4.0, the ASP begins to force the detection of the request parameter security, and we can restore the 2.0 version of the schema by modifying the Web. config.
Here's how:
Modify Web. config to increase requestvalidationmode= "2.0" property value
<system.web>
4.0 more a requestvalidationmode, what does that mean?
The Requestvalidationmode has two values:
2.0 request validation is enabled for Web pages only. Whether it is enabled or closed depends on the validaterequest.
4.0 default value. Any HTTP request will enable request validation, which means not just the Web page, but also cookies. This is enforced at this time, regardless of the validaterequest value.
Since requestvalidationmode= "4.0" is mandatory, we will find that setting up validaterequest in the. NET Framework 4.0 is not a request verification The Requestvalidationmode is set to 2.0.