How to handle "A potentially dangerous Request.Form value was detected from the client"

Hello,

I know why the "A potentially dangerous Request.Form value was detected
from the client" error happens, and I know it can be avoided by setting
validateRequest to false, but is there a way of handling the error
rather than disabling it?

I have a form where I don't want people to be able to enter HTML, but I
don't want to show this ugly error if they do. I would like to be able
to catch the error and handle it myself by encoding the user's input,
rendering the HTML harmless.

Any ideas? Thanks,
Alan

--
Alan Silver
(anything added below this line is nothing to do with me)

Use javascript to encode the input from the control/textbox before submitting

Use javascript to encode the input from the control/textbox before
submitting to the server. Be aware that browsers who run with javascript
will circumvent this.

--
Regards,
Alvin Bruney

Auther Plug
OWC Blackbook now on download at www.lulu.com/owc

How to handle "A potentially dangerous Request.Form value was detected from the client"

In article <AF7E1D9E-9077-4D32-B989-5416A0143921@microsoft.com>, "Alvin
Bruney [ASP.NET MVP]" <vapor@dan.a.invalid> writes

Thanks, but that wasn't what I meant.

I don't want to allow any HTML in the input. I just want to be able to
catch the error and redisplay the page with a message, instead of the
default ASP.NET error page (which isn't very user-friendly).

Thanks anyway

--
Alan Silver
(anything added below this line is nothing to do with me)

How to handle "A potentially dangerous Request.Form value was detected from the client"

On Jan 1, 11:53=A0am, Alan Silver <alan-sil...@nospam.thanx.invalid>

This is what we use.  In the Application_Error event of Global.asax
we have the following:

Exception ex =3D Server.GetLastError();

if (ex is HttpRequestValidationException)
{
Response.Redirect("~/Errors/RequestError.aspx");
return;
}

We found that we were unable to trap the event on the page, but we
could handle it here.

Hope this helps

How to handle "A potentially dangerous Request.Form value was detected from the client"

In article
ZRat <zaudtke@gmail.com> writes

Thanks, that's about as far as I got too. It seems poor design that you
can't capture this error and handle it. I don't want to send them to an
error page, I want to show them the same page again so they can change
their input.

Ho hum ;-)

--
Alan Silver
(anything added below this line is nothing to do with me)

How to handle "A potentially dangerous Request.Form value was detected from the client"

On Dec 29 2008, 7:49=A0pm, Alan Silver <alan-

You can handle it in the page.  Override the OnError sub

Protected Overrides Sub OnError(ByVal e As System.EventArgs)
'handle the error here.  You may want to check the error msg because
this will trap all errors.
context.clearerror()

End Sub

How to handle "A potentially dangerous Request.Form value was detected from the client"

In article
Larry Bud <larrybud2002@yahoo.com> writes

I tried this, but couldn't get it to work. I don't know if it was
because I'm using C#, but all the examples of using this event I could
find were in VB.NET which made me wonder.

--
Alan Silver
(anything added below this line is nothing to do with me)