Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Problem displaying text in a TextBox...

Reply
Thread Tools

Problem displaying text in a TextBox...

 
 
The Eeediot
Guest
Posts: n/a
 
      09-27-2004
Hello, Folks...

I'm almost becoming a regular to this newsgroup.

I am trying to display the contents of an MS-SQL Text field to a TextBox in ASPdotNET. The text in this field contains all sorts of characters including cheverons (i.e. ">" and "<") and occasionally I get the following error condition (listed below). Is there anything I can do to avoid it? I use the simple line txtArticle.Text = datareader("Article") in my code to populate it.

TIA.
Server Error in '/' Application.
--------------------------------------------------------------------------------

A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").]
System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +230
System.Web.HttpRequest.ValidateNameValueCollection (NameValueCollection nvc, String collectionName) +99
System.Web.HttpRequest.get_Form() +121
System.Web.UI.Page.GetCollectionBasedOnMethod() +70
System.Web.UI.Page.DeterminePostBackMode() +47
System.Web.UI.Page.ProcessRequestMain() +2106
System.Web.UI.Page.ProcessRequest() +218
System.Web.UI.Page.ProcessRequest(HttpContext context) +18
System.Web.CallHandlerExecutionStep.System.Web.Htt pApplication+IExecutionStep.Execute() +179
System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean& completedSynchronously) +87



--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET Version:1.1.4322.573
 
Reply With Quote
 
 
 
 
Martin Dechev
Guest
Posts: n/a
 
      09-27-2004
Hi,

Well, I guess you should read the error description more carefully. It says:

Description: Request Validation has detected a potentially dangerous client
input value, and processing of the request has been aborted. This value may
indicate an attempt to compromise the security of your application, such as
a cross-site scripting attack. You can disable request validation by setting
validateRequest=false in the Page directive or in the configuration section.
However, it is strongly recommended that your application explicitly check
all inputs in this case.

And now once again only the workaround:

You can disable request validation by setting validateRequest=false in the
Page directive or in the configuration section

I advise you to disable it at page level. The so-called Page directive is
the first row of each page starting with <%@ Page

Greetings
Martin
"The Eeediot" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
Hello, Folks...

I'm almost becoming a regular to this newsgroup.

I am trying to display the contents of an MS-SQL Text field to a TextBox in
ASPdotNET. The text in this field contains all sorts of characters
including cheverons (i.e. ">" and "<") and occasionally I get the following
error condition (listed below). Is there anything I can do to avoid it? I
use the simple line txtArticle.Text = datareader("Article") in my code to
populate it.

TIA.
Server Error in '/' Application.
----------------------------------------------------------------------------
----

A potentially dangerous Request.Form value was detected from the client
(txtArticle="... then use <F8> to get boot men...").
Description: Request Validation has detected a potentially dangerous client
input value, and processing of the request has been aborted. This value may
indicate an attempt to compromise the security of your application, such as
a cross-site scripting attack. You can disable request validation by setting
validateRequest=false in the Page directive or in the configuration section.
However, it is strongly recommended that your application explicitly check
all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially
dangerous Request.Form value was detected from the client (txtArticle="...
then use <F8> to get boot men...").

Source Error:

An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of the
exception can be identified using the exception stack trace below.

Stack Trace:

[HttpRequestValidationException (0x80004005): A potentially dangerous
Request.Form value was detected from the client (txtArticle="... then use
<F8> to get boot men...").]
System.Web.HttpRequest.ValidateString(String s, String valueName, String
collectionName) +230
System.Web.HttpRequest.ValidateNameValueCollection (NameValueCollection
nvc, String collectionName) +99
System.Web.HttpRequest.get_Form() +121
System.Web.UI.Page.GetCollectionBasedOnMethod() +70
System.Web.UI.Page.DeterminePostBackMode() +47
System.Web.UI.Page.ProcessRequestMain() +2106
System.Web.UI.Page.ProcessRequest() +218
System.Web.UI.Page.ProcessRequest(HttpContext context) +18

System.Web.CallHandlerExecutionStep.System.Web.Htt pApplication+IExecutionSte
p.Execute() +179
System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean&
completedSynchronously) +87



----------------------------------------------------------------------------
----
Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET
Version:1.1.4322.573


 
Reply With Quote
 
 
 
 
Hermit Dave
Guest
Posts: n/a
 
      09-27-2004
@Page directive has an attribute called ValidateRequest. For the values to
contain explict < > tags you will have to set it to false.
For more information refer
http://msdn.microsoft.com/library/de.../cpconPage.asp

Read this before you apply it
http://msdn.microsoft.com/library/de...pplication.asp

--

Regards,

Hermit Dave
(http://hdave.blogspot.com)
"The Eeediot" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
Hello, Folks...

I'm almost becoming a regular to this newsgroup.

I am trying to display the contents of an MS-SQL Text field to a TextBox in
ASPdotNET. The text in this field contains all sorts of characters
including cheverons (i.e. ">" and "<") and occasionally I get the following
error condition (listed below). Is there anything I can do to avoid it? I
use the simple line txtArticle.Text = datareader("Article") in my code to
populate it.

TIA.
Server Error in '/' Application.


A potentially dangerous Request.Form value was detected from the client
(txtArticle="... then use <F8> to get boot men...").
Description: Request Validation has detected a potentially dangerous client
input value, and processing of the request has been aborted. This value may
indicate an attempt to compromise the security of your application, such as
a cross-site scripting attack. You can disable request validation by setting
validateRequest=false in the Page directive or in the configuration section.
However, it is strongly recommended that your application explicitly check
all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially
dangerous Request.Form value was detected from the client (txtArticle="...
then use <F8> to get boot men...").

Source Error:

An unhandled exception was generated during the execution of the current web
request. Information regarding the origin and location of the exception can
be identified using the exception stack trace below.

Stack Trace:

[HttpRequestValidationException (0x80004005): A potentially dangerous
Request.Form value was detected from the client (txtArticle="... then use
<F8> to get boot men...").]
System.Web.HttpRequest.ValidateString(String s, String valueName, String
collectionName) +230
System.Web.HttpRequest.ValidateNameValueCollection (NameValueCollection
nvc, String collectionName) +99
System.Web.HttpRequest.get_Form() +121
System.Web.UI.Page.GetCollectionBasedOnMethod() +70
System.Web.UI.Page.DeterminePostBackMode() +47
System.Web.UI.Page.ProcessRequestMain() +2106
System.Web.UI.Page.ProcessRequest() +218
System.Web.UI.Page.ProcessRequest(HttpContext context) +18
System.Web.CallHandlerExecutionStep.System.Web.Htt pApplication+IExecutionStep.Execute()
+179
System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean&
completedSynchronously) +87





Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET
Version:1.1.4322.573


 
Reply With Quote
 
=?Utf-8?B?RXRoZW0gQXp1bg==?=
Guest
Posts: n/a
 
      09-27-2004

Hi,

Try using HttpUtility.HtmlEncode() . To get more info check this out;


http://msdn.microsoft.com/library/de...codeTopic2.asp

Hope this helps,

Ethem

"The Eeediot" wrote:

> Hello, Folks...
>
> I'm almost becoming a regular to this newsgroup.
>
> I am trying to display the contents of an MS-SQL Text field to a TextBox in ASPdotNET. The text in this field contains all sorts of characters including cheverons (i.e. ">" and "<") and occasionally I get the following error condition (listed below). Is there anything I can do to avoid it? I use the simple line txtArticle.Text = datareader("Article") in my code to populate it.
>
> TIA.
> Server Error in '/' Application.
> --------------------------------------------------------------------------------
>
> A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").
> Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.
>
> Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").
>
> Source Error:
>
> An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
>
> Stack Trace:
>
> [HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").]
> System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +230
> System.Web.HttpRequest.ValidateNameValueCollection (NameValueCollection nvc, String collectionName) +99
> System.Web.HttpRequest.get_Form() +121
> System.Web.UI.Page.GetCollectionBasedOnMethod() +70
> System.Web.UI.Page.DeterminePostBackMode() +47
> System.Web.UI.Page.ProcessRequestMain() +2106
> System.Web.UI.Page.ProcessRequest() +218
> System.Web.UI.Page.ProcessRequest(HttpContext context) +18
> System.Web.CallHandlerExecutionStep.System.Web.Htt pApplication+IExecutionStep.Execute() +179
> System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean& completedSynchronously) +87
>
>
>
> --------------------------------------------------------------------------------
> Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET Version:1.1.4322

 
Reply With Quote
 
Karl Seguin
Guest
Posts: n/a
 
      09-27-2004
You have to disable the validateRequest via either the:
Page directive:
<%@ Page ... validateRequest="false" %>

or the web.config:
<system.web>
<pages validateRequest="false" />
</system.web>


karl

--
MY ASP.Net tutorials
http://www.openmymind.net/


"The Eeediot" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
Hello, Folks...

I'm almost becoming a regular to this newsgroup.

I am trying to display the contents of an MS-SQL Text field to a TextBox in ASPdotNET. The text in this field contains all sorts of characters including cheverons (i.e. ">" and "<") and occasionally I get the following error condition (listed below). Is there anything I can do to avoid it? I use the simple line txtArticle.Text = datareader("Article") in my code to populate it.

TIA.
Server Error in '/' Application.
------------------------------------------------------------------------------

A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").]
System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +230
System.Web.HttpRequest.ValidateNameValueCollection (NameValueCollection nvc, String collectionName) +99
System.Web.HttpRequest.get_Form() +121
System.Web.UI.Page.GetCollectionBasedOnMethod() +70
System.Web.UI.Page.DeterminePostBackMode() +47
System.Web.UI.Page.ProcessRequestMain() +2106
System.Web.UI.Page.ProcessRequest() +218
System.Web.UI.Page.ProcessRequest(HttpContext context) +18
System.Web.CallHandlerExecutionStep.System.Web.Htt pApplication+IExecutionStep.Execute() +179
System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean& completedSynchronously) +87



------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET Version:1.1.4322.573
 
Reply With Quote
 
Joel Cade, MCSD
Guest
Posts: n/a
 
      09-27-2004
Use Server.HTMLEncode before displaying the information. This will
encode the string so that it will display properly in HTML.

A note on the error: The validation request exception is raised to
prevent cross-site scripting from being exploited. ASP.Net checks for
possible script tags and other information being submitted to the
browser via input. This can be disabled in cases where you want to
submit script values (such as a WYSIWYG editor) by setting the
ValidateRequest page directive to false, <@% Page
validateRequest="false" %>, but this is not recommended.

Joel Cade, MCSD .Net, MCAD, MCP
Fig Tree Solutions, LLC
http://www.figtreesolutions.com

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
 
Reply With Quote
 
The Eeediot
Guest
Posts: n/a
 
      09-27-2004
Hehehe.

I did choose the name aptly.


"Martin Dechev" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
>
> Well, I guess you should read the error description more carefully. It

says:
>
> Description: Request Validation has detected a potentially dangerous

client
> input value, and processing of the request has been aborted. This value

may
> indicate an attempt to compromise the security of your application, such

as
> a cross-site scripting attack. You can disable request validation by

setting
> validateRequest=false in the Page directive or in the configuration

section.
> However, it is strongly recommended that your application explicitly check
> all inputs in this case.
>
> And now once again only the workaround:
>
> You can disable request validation by setting validateRequest=false in the
> Page directive or in the configuration section
>
> I advise you to disable it at page level. The so-called Page directive is
> the first row of each page starting with <%@ Page
>
> Greetings
> Martin
> "The Eeediot" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> Hello, Folks...
>
> I'm almost becoming a regular to this newsgroup.
>
> I am trying to display the contents of an MS-SQL Text field to a TextBox

in
> ASPdotNET. The text in this field contains all sorts of characters
> including cheverons (i.e. ">" and "<") and occasionally I get the

following
> error condition (listed below). Is there anything I can do to avoid it?

I
> use the simple line txtArticle.Text = datareader("Article") in my code to
> populate it.
>
> TIA.
> Server Error in '/' Application.
> --------------------------------------------------------------------------

--
> ----
>
> A potentially dangerous Request.Form value was detected from the client
> (txtArticle="... then use <F8> to get boot men...").
> Description: Request Validation has detected a potentially dangerous

client
> input value, and processing of the request has been aborted. This value

may
> indicate an attempt to compromise the security of your application, such

as
> a cross-site scripting attack. You can disable request validation by

setting
> validateRequest=false in the Page directive or in the configuration

section.
> However, it is strongly recommended that your application explicitly check
> all inputs in this case.
>
> Exception Details: System.Web.HttpRequestValidationException: A

potentially
> dangerous Request.Form value was detected from the client (txtArticle="...
> then use <F8> to get boot men...").
>
> Source Error:
>
> An unhandled exception was generated during the execution of the
> current web request. Information regarding the origin and location of the
> exception can be identified using the exception stack trace below.
>
> Stack Trace:
>
> [HttpRequestValidationException (0x80004005): A potentially dangerous
> Request.Form value was detected from the client (txtArticle="... then use
> <F8> to get boot men...").]
> System.Web.HttpRequest.ValidateString(String s, String valueName,

String
> collectionName) +230
> System.Web.HttpRequest.ValidateNameValueCollection (NameValueCollection
> nvc, String collectionName) +99
> System.Web.HttpRequest.get_Form() +121
> System.Web.UI.Page.GetCollectionBasedOnMethod() +70
> System.Web.UI.Page.DeterminePostBackMode() +47
> System.Web.UI.Page.ProcessRequestMain() +2106
> System.Web.UI.Page.ProcessRequest() +218
> System.Web.UI.Page.ProcessRequest(HttpContext context) +18
>
>

System.Web.CallHandlerExecutionStep.System.Web.Htt pApplication+IExecutionSte
> p.Execute() +179
> System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean&
> completedSynchronously) +87
>
>
>
> --------------------------------------------------------------------------

--
> ----
> Version Information: Microsoft .NET Framework Version:1.1.4322.573;

ASP.NET
> Version:1.1.4322.573
>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Controlling text in a Text Area or Text leo ASP General 1 12-05-2005 01:13 AM
Displaying text in an asp.net table =?Utf-8?B?Q3JhaWcgSEI=?= ASP .Net 2 12-10-2004 08:09 AM
Displaying text/plain as text in IE with asp.net Mike Bridge ASP .Net 2 02-20-2004 04:56 PM
NewBee Type Question about displaying text vbGansta ASP .Net 0 02-16-2004 06:36 PM
Custom Control not displaying text in Designer Earl Teigrob ASP .Net 0 10-30-2003 03:12 PM



Advertisments