Solution for potentially dangerous request. form value errors detected from the client

Server error in the "/News" application.
A potentially dangerous request. form value is detected from the client (ftbcontent = "<p> <a href =" http: // L.

Note:The request verification process detects potentially dangerous client input values, and the processing of the request has been aborted. This value may indicate attempts to compromise application security, such as cross-site scripting attacks. By running the page command or Set validaterequest = false in the configuration section to disable request verification. However, in this case, it is strongly recommended that the application explicitly check all input.

Exception details:System. web. httprequestvalidationexception: slave client (ftbcontent = "<p> <a href =" http: // L... ") detected a potentially dangerous request. form Value

The above is the system error message. The reason is that in ASP. in NET 1.1, after the validaterequest attribute on the @ page command is opened, check to make sure that the user does not send potentially risky HTML tags in the query string, Cookie, or form field. If this situation is detected, an exception is thrown and the request is aborted. This attribute is enabled by default. You do not need to perform any operation to protect it. If you want to allow HTML markup to pass, you must manually disable this attribute.

Solution:

Method 1. Modify the. aspx File

Add validaterequest = "false" to the. aspx file, for example:

<% @ Page validaterequest = "false" Language = "C #" codebehind = "writenews. aspx. cs" autoeventwireup = "false" inherits = "news. writenews" %>

Method 2: configure the Web. config file
<? XML version = "1.0" encoding = "UTF-8"?>
<Configuration>

<System. Web>

<! -- This statement must be added when writenews. aspx uses the content edit box. Otherwise, the request value cannot be added.
-->
<Pages validaterequest = "false"/>

</System. Web>
</Configuration>

Recommended method 1.