asp.net "potentially dangerous Request.Form value detected from client" error solution _ Practical Tips

Source: Internet
Author: User
Tags http request

When submitting a form, ASP.net prompts: "From the client (...) A potentially dangerous request.form value was detected in the. The request validation feature in ASP.net provides a level of protection against XSS attacks, and ASP.net request validation is initiated by default.

Here are the solutions for different versions of. Net.

ASP.net 2.0 Usual solution

Programme I:

Add validaterequest= "false" to the page item in the. aspx file as follows:

<%@ Page validaterequest= "false" language= "C #" autoeventwireup= "true" codefile= "Test2.aspx.cs" inherits= "test2"% >

Programme II:

modifying Web.config configuration Files

<system.web>
<pages validaterequest= "false" >
</pages>
</system.web>

Summary:validaterequest This sentence we know is to turn off validation, that is, to submit a tag, such as <strong> bold </strong> such values, asp.net will not report an error. The use of scenario one is recommended here, as the scheme one modifies the Test.aspx page, and if you use scenario two, the entire solution becomes validaterequest= "false".

ASP.net 4.0 Solutions

4.0 and 2.0 are the same, but note that starting with the. Net Framework 4.0, ASP.net begins to force the detection of request parameter security, and we can restore the 2.0 version of the schema by modifying the web.config.

The method is as follows:

Modify Web.config to increase requestvalidationmode= "2.0" property value

<system.web>
<pages validaterequest= "false" ></pages>
</system.web>

What does it mean to have one more Requestvalidationmode in 4.0?

Requestvalidationmode has two values:

2.0 enable request verification only for Web pages. Whether it is enabled or closed depends on the validaterequest.
4.0 default values. Any HTTP request will enable request verification, which means not just a Web page, but also cookies. The force is enabled at this time, regardless of the validaterequest value.
Since requestvalidationmode= "4.0" is mandatory, we will find that only the set validaterequest is not turned off for request validation in. NET Framework 4.0. You also have to set the Requestvalidationmode to 2.0.

The above is to tell you how to solve the asp.net "from the client detected a potentially dangerous request.form value" of the wrong way, hoping to help everyone, small series will be very happy.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.