«

Hello, Folks...

I'm almost becoming a regular to this newsgroup.

I am trying to display the contents of an MS-SQL Text field to a TextBox in ASPdotNET. The text in this field contains all sorts of characters including cheverons (i.e. ">" and "<") and occasionally I get the following error condition (listed below). Is there anything I can do to avoid it? I use the simple line txtArticle.Text = datareader("Article") in my code to populate it.

TIA.
Server Error in '/' Application.
--------------------------------------------------------------------------------

A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").]
System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +230
System.Web.HttpRequest.ValidateNameValueCollection (NameValueCollection nvc, String collectionName) +99
System.Web.HttpRequest.get_Form() +121
System.Web.UI.Page.GetCollectionBasedOnMethod() +70
System.Web.UI.Page.DeterminePostBackMode() +47
System.Web.UI.Page.ProcessRequestMain() +2106
System.Web.UI.Page.ProcessRequest() +218
System.Web.UI.Page.ProcessRequest(HttpContext context) +18
System.Web.CallHandlerExecutionStep.System.Web.Htt pApplication+IExecutionStep.Execute() +179
System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean& completedSynchronously) +87



--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET Version:1.1.4322.573

Hi,

Well, I guess you should read the error description more carefully. It says:

Description: Request Validation has detected a potentially dangerous client
input value, and processing of the request has been aborted. This value may
indicate an attempt to compromise the security of your application, such as
a cross-site scripting attack. You can disable request validation by setting
validateRequest=false in the Page directive or in the configuration section.
However, it is strongly recommended that your application explicitly check
all inputs in this case.

And now once again only the workaround:

You can disable request validation by setting validateRequest=false in the
Page directive or in the configuration section

I advise you to disable it at page level. The so-called Page directive is
the first row of each page starting with <%@ Page

Greetings
Martin
"The Eeediot" <> wrote in message
news:zqWdnccP1pVIs8XcRVn-...
Hello, Folks...

I'm almost becoming a regular to this newsgroup.

I am trying to display the contents of an MS-SQL Text field to a TextBox in
ASPdotNET. The text in this field contains all sorts of characters
including cheverons (i.e. ">" and "<") and occasionally I get the following
error condition (listed below). Is there anything I can do to avoid it? I
use the simple line txtArticle.Text = datareader("Article") in my code to
populate it.

TIA.
Server Error in '/' Application.
----------------------------------------------------------------------------
----

A potentially dangerous Request.Form value was detected from the client
(txtArticle="... then use <F8> to get boot men...").
Description: Request Validation has detected a potentially dangerous client
input value, and processing of the request has been aborted. This value may
indicate an attempt to compromise the security of your application, such as
a cross-site scripting attack. You can disable request validation by setting
validateRequest=false in the Page directive or in the configuration section.
However, it is strongly recommended that your application explicitly check
all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially
dangerous Request.Form value was detected from the client (txtArticle="...
then use <F8> to get boot men...").

Source Error:

An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of the
exception can be identified using the exception stack trace below.

Stack Trace:

[HttpRequestValidationException (0x80004005): A potentially dangerous
Request.Form value was detected from the client (txtArticle="... then use
<F8> to get boot men...").]
System.Web.HttpRequest.ValidateString(String s, String valueName, String
collectionName) +230
System.Web.HttpRequest.ValidateNameValueCollection (NameValueCollection
nvc, String collectionName) +99
System.Web.HttpRequest.get_Form() +121
System.Web.UI.Page.GetCollectionBasedOnMethod() +70
System.Web.UI.Page.DeterminePostBackMode() +47
System.Web.UI.Page.ProcessRequestMain() +2106
System.Web.UI.Page.ProcessRequest() +218
System.Web.UI.Page.ProcessRequest(HttpContext context) +18

System.Web.CallHandlerExecutionStep.System.Web.Htt pApplication+IExecutionSte
p.Execute() +179
System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean&
completedSynchronously) +87



----------------------------------------------------------------------------
----
Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET
Version:1.1.4322.573

@Page directive has an attribute called ValidateRequest. For the values to
contain explict < > tags you will have to set it to false.
For more information refer
http://msdn.microsoft.com/library/de.../cpconPage.asp

Read this before you apply it
http://msdn.microsoft.com/library/de...pplication.asp

--

Regards,

Hermit Dave
(http://hdave.blogspot.com)
"The Eeediot" <> wrote in message
news:zqWdnccP1pVIs8XcRVn-...
Hello, Folks...

I'm almost becoming a regular to this newsgroup.

I am trying to display the contents of an MS-SQL Text field to a TextBox in
ASPdotNET. The text in this field contains all sorts of characters
including cheverons (i.e. ">" and "<") and occasionally I get the following
error condition (listed below). Is there anything I can do to avoid it? I
use the simple line txtArticle.Text = datareader("Article") in my code to
populate it.

TIA.
Server Error in '/' Application.


A potentially dangerous Request.Form value was detected from the client
(txtArticle="... then use <F8> to get boot men...").
Description: Request Validation has detected a potentially dangerous client
input value, and processing of the request has been aborted. This value may
indicate an attempt to compromise the security of your application, such as
a cross-site scripting attack. You can disable request validation by setting
validateRequest=false in the Page directive or in the configuration section.
However, it is strongly recommended that your application explicitly check
all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially
dangerous Request.Form value was detected from the client (txtArticle="...
then use <F8> to get boot men...").

Source Error:

An unhandled exception was generated during the execution of the current web
request. Information regarding the origin and location of the exception can
be identified using the exception stack trace below.

Stack Trace:

[HttpRequestValidationException (0x80004005): A potentially dangerous
Request.Form value was detected from the client (txtArticle="... then use
<F8> to get boot men...").]
System.Web.HttpRequest.ValidateString(String s, String valueName, String
collectionName) +230
System.Web.HttpRequest.ValidateNameValueCollection (NameValueCollection
nvc, String collectionName) +99
System.Web.HttpRequest.get_Form() +121
System.Web.UI.Page.GetCollectionBasedOnMethod() +70
System.Web.UI.Page.DeterminePostBackMode() +47
System.Web.UI.Page.ProcessRequestMain() +2106
System.Web.UI.Page.ProcessRequest() +218
System.Web.UI.Page.ProcessRequest(HttpContext context) +18
System.Web.CallHandlerExecutionStep.System.Web.Htt pApplication+IExecutionStep.Execute()
+179
System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean&
completedSynchronously) +87





Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET
Version:1.1.4322.573

Hi,

Try using HttpUtility.HtmlEncode() . To get more info check this out;


http://msdn.microsoft.com/library/de...codeTopic2.asp

Hope this helps,

Ethem

"The Eeediot" wrote:

> Hello, Folks...
>
> I'm almost becoming a regular to this newsgroup.
>
> I am trying to display the contents of an MS-SQL Text field to a TextBox in ASPdotNET. The text in this field contains all sorts of characters including cheverons (i.e. ">" and "<") and occasionally I get the following error condition (listed below). Is there anything I can do to avoid it? I use the simple line txtArticle.Text = datareader("Article") in my code to populate it.
>
> TIA.
> Server Error in '/' Application.
> --------------------------------------------------------------------------------
>
> A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").
> Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.
>
> Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").
>
> Source Error:
>
> An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
>
> Stack Trace:
>
> [HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").]
> System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +230
> System.Web.HttpRequest.ValidateNameValueCollection (NameValueCollection nvc, String collectionName) +99
> System.Web.HttpRequest.get_Form() +121
> System.Web.UI.Page.GetCollectionBasedOnMethod() +70
> System.Web.UI.Page.DeterminePostBackMode() +47
> System.Web.UI.Page.ProcessRequestMain() +2106
> System.Web.UI.Page.ProcessRequest() +218
> System.Web.UI.Page.ProcessRequest(HttpContext context) +18
> System.Web.CallHandlerExecutionStep.System.Web.Htt pApplication+IExecutionStep.Execute() +179
> System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean& completedSynchronously) +87
>
>
>
> --------------------------------------------------------------------------------
> Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET Version:1.1.4322

You have to disable the validateRequest via either the:
Page directive:
<%@ Page ... validateRequest="false" %>

or the web.config:
<system.web>
<pages validateRequest="false" />
</system.web>


karl

--
MY ASP.Net tutorials
http://www.openmymind.net/


"The Eeediot" <> wrote in message news:zqWdnccP1pVIs8XcRVn-...
Hello, Folks...

I'm almost becoming a regular to this newsgroup.

I am trying to display the contents of an MS-SQL Text field to a TextBox in ASPdotNET. The text in this field contains all sorts of characters including cheverons (i.e. ">" and "<") and occasionally I get the following error condition (listed below). Is there anything I can do to avoid it? I use the simple line txtArticle.Text = datareader("Article") in my code to populate it.

TIA.
Server Error in '/' Application.
------------------------------------------------------------------------------

A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").]
System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +230
System.Web.HttpRequest.ValidateNameValueCollection (NameValueCollection nvc, String collectionName) +99
System.Web.HttpRequest.get_Form() +121
System.Web.UI.Page.GetCollectionBasedOnMethod() +70
System.Web.UI.Page.DeterminePostBackMode() +47
System.Web.UI.Page.ProcessRequestMain() +2106
System.Web.UI.Page.ProcessRequest() +218
System.Web.UI.Page.ProcessRequest(HttpContext context) +18
System.Web.CallHandlerExecutionStep.System.Web.Htt pApplication+IExecutionStep.Execute() +179
System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean& completedSynchronously) +87



------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET Version:1.1.4322.573

Use Server.HTMLEncode before displaying the information. This will
encode the string so that it will display properly in HTML.

A note on the error: The validation request exception is raised to
prevent cross-site scripting from being exploited. ASP.Net checks for
possible script tags and other information being submitted to the
browser via input. This can be disabled in cases where you want to
submit script values (such as a WYSIWYG editor) by setting the
ValidateRequest page directive to false, <@% Page
validateRequest="false" %>, but this is not recommended.

Joel Cade, MCSD .Net, MCAD, MCP
Fig Tree Solutions, LLC
http://www.figtreesolutions.com

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Hehehe.

I did choose the name aptly.


"Martin Dechev" <detcheff_@hotmail.com> wrote in message
news:...
> Hi,
>
> Well, I guess you should read the error description more carefully. It
says:
>
> Description: Request Validation has detected a potentially dangerous
client
> input value, and processing of the request has been aborted. This value
may
> indicate an attempt to compromise the security of your application, such
as
> a cross-site scripting attack. You can disable request validation by
setting
> validateRequest=false in the Page directive or in the configuration
section.
> However, it is strongly recommended that your application explicitly check
> all inputs in this case.
>
> And now once again only the workaround:
>
> You can disable request validation by setting validateRequest=false in the
> Page directive or in the configuration section
>
> I advise you to disable it at page level. The so-called Page directive is
> the first row of each page starting with <%@ Page
>
> Greetings
> Martin
> "The Eeediot" <> wrote in message
> news:zqWdnccP1pVIs8XcRVn-...
> Hello, Folks...
>
> I'm almost becoming a regular to this newsgroup.
>
> I am trying to display the contents of an MS-SQL Text field to a TextBox
in
> ASPdotNET. The text in this field contains all sorts of characters
> including cheverons (i.e. ">" and "<") and occasionally I get the
following
> error condition (listed below). Is there anything I can do to avoid it?
I
> use the simple line txtArticle.Text = datareader("Article") in my code to
> populate it.
>
> TIA.
> Server Error in '/' Application.
> --------------------------------------------------------------------------
--
> ----
>
> A potentially dangerous Request.Form value was detected from the client
> (txtArticle="... then use <F8> to get boot men...").
> Description: Request Validation has detected a potentially dangerous
client
> input value, and processing of the request has been aborted. This value
may
> indicate an attempt to compromise the security of your application, such
as
> a cross-site scripting attack. You can disable request validation by
setting
> validateRequest=false in the Page directive or in the configuration
section.
> However, it is strongly recommended that your application explicitly check
> all inputs in this case.
>
> Exception Details: System.Web.HttpRequestValidationException: A
potentially
> dangerous Request.Form value was detected from the client (txtArticle="...
> then use <F8> to get boot men...").
>
> Source Error:
>
> An unhandled exception was generated during the execution of the
> current web request. Information regarding the origin and location of the
> exception can be identified using the exception stack trace below.
>
> Stack Trace:
>
> [HttpRequestValidationException (0x80004005): A potentially dangerous
> Request.Form value was detected from the client (txtArticle="... then use
> <F8> to get boot men...").]
> System.Web.HttpRequest.ValidateString(String s, String valueName,
String
> collectionName) +230
> System.Web.HttpRequest.ValidateNameValueCollection (NameValueCollection
> nvc, String collectionName) +99
> System.Web.HttpRequest.get_Form() +121
> System.Web.UI.Page.GetCollectionBasedOnMethod() +70
> System.Web.UI.Page.DeterminePostBackMode() +47
> System.Web.UI.Page.ProcessRequestMain() +2106
> System.Web.UI.Page.ProcessRequest() +218
> System.Web.UI.Page.ProcessRequest(HttpContext context) +18
>
>
System.Web.CallHandlerExecutionStep.System.Web.Htt pApplication+IExecutionSte
> p.Execute() +179
> System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean&
> completedSynchronously) +87
>
>
>
> --------------------------------------------------------------------------
--
> ----
> Version Information: Microsoft .NET Framework Version:1.1.4322.573;
ASP.NET
> Version:1.1.4322.573
>
>