Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Web Controls > html markup allowed in textbox even though validaterequest=true

Reply
Thread Tools

html markup allowed in textbox even though validaterequest=true

 
 
Andy Fish
Guest
Posts: n/a
 
      10-27-2004
Hi,

I have a web form with 2 text boxes on it. I have not set
validateRequest=false in the @page directive so request validation should be
on.

One of the text boxes correctly gives the "A potentially dangerous
Request.Form value..." Exception when trying to enter HTML markup. However,
the other one allows it through.

The form is rather large and complex so I can't just post the whole thing
here, but does anyone know how one textbox would be able to skip the form
validation feature?

TIA

Andy


 
Reply With Quote
 
 
 
 
Andy Fish
Guest
Posts: n/a
 
      10-27-2004
OK, I figured out what was happening. I wasn't comparing like with like.

What actually happens is that the page validation does not throw out all
html markup. it allows end tags but not start tags. So it's possible to put
in something like "</td></tr></table>" into a textbox which will screw up
the display but I guess this wouldn't normally be 'dangerous'

"Andy Fish" <(E-Mail Removed)> wrote in message
news:%232ppow$(E-Mail Removed)...
> Hi,
>
> I have a web form with 2 text boxes on it. I have not set
> validateRequest=false in the @page directive so request validation should
> be on.
>
> One of the text boxes correctly gives the "A potentially dangerous
> Request.Form value..." Exception when trying to enter HTML markup.
> However, the other one allows it through.
>
> The form is rather large and complex so I can't just post the whole thing
> here, but does anyone know how one textbox would be able to skip the form
> validation feature?
>
> TIA
>
> Andy
>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
CPU Usage frequently 100% even though it seems not even close tototal memory Newcomer Computer Support 3 11-15-2009 06:51 AM
CPU Usage frequently 100% even though it seems not even close tototal memory Newcomer Computer Support 0 11-14-2009 11:21 PM
Is there a way to add HTML markup to a Textbox.Text property? =?Utf-8?B?bmhheWRvbg==?= ASP .Net 2 07-20-2006 03:27 PM
SSID called HOME even though I have configured another SSID =?Utf-8?B?bXJ3b25n?= Wireless Networking 0 03-26-2006 10:50 PM
Computer shows my Wireless Router as unsecured even though I set up a key. topherdaniel@gmail.com Wireless Networking 4 11-10-2005 07:16 PM



Advertisments