Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > A potentially dangerous Request.Form

Reply
Thread Tools

A potentially dangerous Request.Form

 
 
Alex Munk
Guest
Posts: n/a
 
      12-16-2003
Hi All,

I read the KB821343 article on this subject and I am still a bit confused
about a couple of things:

1) Am I to understand that if I install .NET frame work 1.1 on the computer
generating the application this problem will be resolved?

2) How can I find out what the offending code is doing? I really do not want
to disable Request Validation, I would rather find the problem and HTML
encode myself.

I appreciate your help.

Alex


 
Reply With Quote
 
 
 
 
Alex Munk
Guest
Posts: n/a
 
      12-16-2003
Hi me again,

Regarding point 2) in my original post I was able to determine the root
cause of the problem:

<select name="ddlForms" onchange="__doPostBack('ddlForms','')"
language="javascript" id="ddlForms" style="Z-INDEX: 118; LEFT:
700px;POSITION: absolute; TOP: 0px">
<option value="<FORMS>">&lt;FORMS&gt;</option>
<option value="Vacation Request">Vacation Request</option>
<option value="Internal Job Application">Internal Job
Application</option></select>

The problem is in the line: <option value="<FORMS>">&lt;FORMS&gt;</option>
Apparently "<FORMS>" is the culprit

Can anyone suggest how to fix the code?

Thanks,
Alex
"Alex Munk" <(E-Mail Removed)> wrote in message
news:4rFDb.48420$ea%(E-Mail Removed) le.rogers.com...
> Hi All,
>
> I read the KB821343 article on this subject and I am still a bit confused
> about a couple of things:
>
> 1) Am I to understand that if I install .NET frame work 1.1 on the

computer
> generating the application this problem will be resolved?
>
> 2) How can I find out what the offending code is doing? I really do not

want
> to disable Request Validation, I would rather find the problem and HTML
> encode myself.
>
> I appreciate your help.
>
> Alex
>
>



 
Reply With Quote
 
 
 
 
Adrijan Josic
Guest
Posts: n/a
 
      12-17-2003
http://www.tconsult.com/aspnet/secur...tially_dangero
us.aspx

try that...


>-----Original Message-----
>Hi me again,
>
>Regarding point 2) in my original post I was able to

determine the root
>cause of the problem:
>
><select name="ddlForms" onchange="__doPostBack

('ddlForms','')"
>language="javascript" id="ddlForms" style="Z-INDEX: 118;

LEFT:
>700px;POSITION: absolute; TOP: 0px">
> <option value="<FORMS>"><FORMS></option>
> <option value="Vacation Request">Vacation

Request</option>
> <option value="Internal Job Application">Internal

Job
>Application</option></select>
>
>The problem is in the line: <option

value="<FORMS>"><FORMS></option>
>Apparently "<FORMS>" is the culprit
>
>Can anyone suggest how to fix the code?
>
>Thanks,
>Alex
>"Alex Munk" <(E-Mail Removed)> wrote in message
>news:4rFDb.48420

$ea%(E-Mail Removed)...
>> Hi All,
>>
>> I read the KB821343 article on this subject and I am

still a bit confused
>> about a couple of things:
>>
>> 1) Am I to understand that if I install .NET frame work

1.1 on the
>computer
>> generating the application this problem will be

resolved?
>>
>> 2) How can I find out what the offending code is doing?

I really do not
>want
>> to disable Request Validation, I would rather find the

problem and HTML
>> encode myself.
>>
>> I appreciate your help.
>>
>> Alex
>>
>>

>
>
>.
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to try-catch potentially dangerous Request.Form value exception angus ASP .Net 1 08-04-2004 09:48 AM
Trapping a ' potentially dangerous Request.QueryString value' John Morgan ASP .Net 1 05-27-2004 06:11 PM
A potentially dangerous querystring ... [ValidateRequest] Boris ASP .Net 5 04-17-2004 05:22 PM
A potentially dangerous Request.Form value was detected from the client amit ASP .Net 1 02-26-2004 09:47 PM
Why Getting 'A Potentially Dangerous Request...' Error? Anil Kripalani ASP .Net 2 02-25-2004 06:39 PM



Advertisments