.NET Framework - How to handle "A potentially dangerous Request.Form value was detected from the client"
Asked By Alan Silver
29-Dec-08 07:49 PM
Hello,
I know why the "A potentially dangerous Request.Form value was detected
from the client" error happens, and I know it can be avoided by setting
validateRequest to false, but is there a way of handling the error
rather than disabling it?
I have a form where I don't want people to be able to enter HTML, but I
don't want to show this ugly error if they do. I would like to be able
to catch the error and handle it myself by encoding the user's input,
rendering the HTML harmless.
Any ideas? Thanks,
Alan
--
Alan Silver
(anything added below this line is nothing to do with me)
NVFJmAXWJFwf
(1)
Server.GetLastError
(1)
System.EventArgs
(1)
EventArgs
(1)
ASP.NET
(1)
VB.NET
(1)
Response.Redirect
(1)
Application
(1)
Alvin Bruney [ASP.NET MVP] replied...
Use javascript to encode the input from the control/textbox before
submitting to the server. Be aware that browsers who run with javascript
will circumvent this.
--
Regards,
Alvin Bruney
Auther Plug
OWC Blackbook now on download at www.lulu.com/owc
Alan Silver replied...
In article <AF7E1D9E-9077-4D32-B989-5416A0143921@microsoft.com>, "Alvin
Bruney [ASP.NET MVP]" <vapor@dan.a.invalid> writes
Thanks, but that wasn't what I meant.
I don't want to allow any HTML in the input. I just want to be able to
catch the error and redisplay the page with a message, instead of the
default ASP.NET error page (which isn't very user-friendly).
Thanks anyway
--
Alan Silver
(anything added below this line is nothing to do with me)
ZRat replied...
On Jan 1, 11:53=A0am, Alan Silver <alan-sil...@nospam.thanx.invalid>
This is what we use. In the Application_Error event of Global.asax
we have the following:
Exception ex =3D Server.GetLastError();
if (ex is HttpRequestValidationException)
{
Response.Redirect("~/Errors/RequestError.aspx");
return;
}
We found that we were unable to trap the event on the page, but we
could handle it here.
Hope this helps
Alan Silver replied...
In article
ZRat <zaudtke@gmail.com> writes
Thanks, that's about as far as I got too. It seems poor design that you
can't capture this error and handle it. I don't want to send them to an
error page, I want to show them the same page again so they can change
their input.
Ho hum ;-)
--
Alan Silver
(anything added below this line is nothing to do with me)
Larry Bud replied...
On Dec 29 2008, 7:49=A0pm, Alan Silver <alan-
You can handle it in the page. Override the OnError sub
Protected Overrides Sub OnError(ByVal e As System.EventArgs)
'handle the error here. You may want to check the error msg because
this will trap all errors.
context.clearerror()
End Sub
Alan Silver replied...
In article
Larry Bud <larrybud2002@yahoo.com> writes
I tried this, but couldn't get it to work. I don't know if it was
because I'm using C#, but all the examples of using this event I could
find were in VB.NET which made me wonder.
--
Alan Silver
(anything added below this line is nothing to do with me)
m a newbie with Asp.net, here is my problem : private void Page_Load(object sender, System.EventArgs e) { if (IsPostBack) { Label1.Text = (string)Session["test"]; } } private void Button1_Click(object sender, System.EventArgs e) { Session["test"] = "test"; } I have to click two times on the button to see test". Thanks for any help. ASP.NET Discussions System.EventArgs (1) EventArgs (1) Button (1) IsPostBack (1) PreRender (1) Load (1) Click (1) Andersson (1 two times on the button to see "test". try this : private void Button1_Click(object sender, System.EventArgs e) { Session["test"] = "test"; Label1.Text = (string)Session["test"]; } Or. . .you can try this : private
Object sender, System.EventArgs e .NET Framework I'm trying to call ButtonClick( object sender, System.EventArgs e) from a method rather than clicking the button. But I can't determine the opened up a watch window and it shows them as System.Windows.Forms.MenuItem and System.EventArgs with all their attributes. My question is how do I determine the proper values of Thanks for your time, J e r VC++.NET Discussions System.Windows.Forms.MenuItem (1) System.EventArgs (1) EventArgs.Empty (1) EventArgs (1) MenuItem (1) ButtonClick (1) Nullptr (1) Window (1) In
Coding Practice Question - Usage of System.EventArgs .NET Framework The .NET Framework provides us with built-in event handlers: System.EventHandler and the generic System.EventArgs<TEventArgs> It appears that those built-in event handler delegates are just a convenience for when_ the built-in ones listed above would suffice? Thanks. C# Discussions System.EventHandler (1) System.EventArgs (1) EventArgs.Empty (1) EventHandler (1) EventArgs (1) MyEventHandler (1) BlogMetaFinder (1) MyEventArgs (1) Frankie caspershouse.com In all the code I've seen, the standard practice is to use System.EventArgs whenever it is sufficient, that is when you do not need to pass any additional
Visual Studio .NET Discussions System.Windows.Forms.UserControl (1) UnAcknowledge.Visible (1) UnAcknowledge.Click (1) System.EventArgs (1) VB.NET (1) Acknowledge.Visible (1) Acknowledge.Click (1) System.Object (1) Hi, Try linked in the same form Public Event select_Click(ByVal sender As Object, ByVal e As System.EventArgs) Public Event new_Click(ByVal sender As Object, ByVal e As System.EventArgs) Public Event edit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Public Event delete_Click(ByVal sender As Object, ByVal e As System.EventArgs) Public Event prior_Click