«

Happy new year, friends,

When I tested my asp.net app with a new set of data, I got the following
error:

A potentially dangerous Request.Form value was detected from the client
(TEXTAREA1="...Request = <bitMapMessage type=...").

Description: Request Validation has detected a potentially dangerous client
input value, and processing of the request has been aborted. This value may
indicate an attempt to compromise the security of your application, such as a
cross-site scripting attack. You can disable request validation by setting
validateRequest=false in the Page directive or in the configuration section.
However, it is strongly recommended that your application explicitly check
all inputs in this case.

But, I knew it was just our input text of a TextArea1 box which are
accidently in xml format: e.g. XML Request = <bitMapMessage
type=0100><acceptorID>......

How can I let my app accept such kind of input info?

Thanks a lot.

Convert the string using HTMLEncode? That would be the first direction I
would look.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************


"Andrew" wrote:

> Happy new year, friends,
>
> When I tested my asp.net app with a new set of data, I got the following
> error:
>
> A potentially dangerous Request.Form value was detected from the client
> (TEXTAREA1="...Request = <bitMapMessage type=...").
>
> Description: Request Validation has detected a potentially dangerous client
> input value, and processing of the request has been aborted. This value may
> indicate an attempt to compromise the security of your application, such as a
> cross-site scripting attack. You can disable request validation by setting
> validateRequest=false in the Page directive or in the configuration section.
> However, it is strongly recommended that your application explicitly check
> all inputs in this case.
>
> But, I knew it was just our input text of a TextArea1 box which are
> accidently in xml format: e.g. XML Request = <bitMapMessage
> type=0100><acceptorID>......
>
> How can I let my app accept such kind of input info?
>
> Thanks a lot.
>

they are really TextArea1.Value pasted by copy/paste memus...

do you mean I should use HTMLEncode before submit?

"Cowboy (Gregory A. Beamer) - MVP" wrote:

> Convert the string using HTMLEncode? That would be the first direction I
> would look.
>
> --
> Gregory A. Beamer
> MVP; MCP: +I, SE, SD, DBA
>
> ***************************
> Think Outside the Box!
> ***************************
>
>
> "Andrew" wrote:
>
> > Happy new year, friends,
> >
> > When I tested my asp.net app with a new set of data, I got the following
> > error:
> >
> > A potentially dangerous Request.Form value was detected from the client
> > (TEXTAREA1="...Request = <bitMapMessage type=...").
> >
> > Description: Request Validation has detected a potentially dangerous client
> > input value, and processing of the request has been aborted. This value may
> > indicate an attempt to compromise the security of your application, such as a
> > cross-site scripting attack. You can disable request validation by setting
> > validateRequest=false in the Page directive or in the configuration section.
> > However, it is strongly recommended that your application explicitly check
> > all inputs in this case.
> >
> > But, I knew it was just our input text of a TextArea1 box which are
> > accidently in xml format: e.g. XML Request = <bitMapMessage
> > type=0100><acceptorID>......
> >
> > How can I let my app accept such kind of input info?
> >
> > Thanks a lot.
> >