When submitting the form, Asp.net prompts: "a potentially dangerous request. form value is detected from the client ". The request verification feature in Asp.net provides a certain level of protection measures to prevent XSS attacks. Asp.net's request verification is enabled by default. This section provides solutions for various versions of. net.
Asp.net 2.0 Solution
Method 1:
Add validaterequest = "false" to the page entry in the. aspx file as follows:
<% @ Page validaterequest = "false" Language = "C #" autoeventwireup = "true" codefile = "test2.aspx. cs" inherits = "Test2" %>
Method 2:
Modify the Web. config configuration file
<System. Web>
<Pages validaterequest = "false">
</Pages>
</System. Web>
Summary:We know that validaterequest is to disable verification, that is, to submit a value with tags, such as <strong> bold </strong>, ASP. NET will not report an error. Solution 1 is recommended because solution 1 only modifies the page test. aspx. If solution 2 is used, the entire solution changes to validaterequest = "false ".
Asp.net 4.0 Solution
The 4.0 and 2.0 methods are the same, but note that from. net Framework 4.0, Asp.net began to force detection of request parameter security, and we can modify the web. config to restore the 2.0 mode.
As follows:
Modify web. config and add the requestvalidationmode = "2.0" attribute value.
<System. Web>
<Httpruntime requestvalidationmode = "2.0" type = "codeph" text = "/codeph"/>
<Pages validaterequest = "false"> </pages>
</System. Web>
4.0 has a requestvalidationmode. What does this mean?
Requestvalidationmode has two values:
• 2.0 only enables request verification for webpages. Whether it is enabled or disabled depends on validaterequest.
• Default value 4.0. Request verification is enabled for any HTTP request, that is, not only webpage, but also cookie. This is mandatory, regardless of the value of validaterequest.
Because requestvalidationmode = "4.0" is forcibly enabled, we will find that in. NET Framework 4.0, only setting validaterequest cannot close request verification, and we have to set requestvalidationmode to 2.0.
The request. form value that is potentially dangerous is detected from the client.