Pages - Menu

A potentially dangerous Request.Form value was detected from the client

Troubleshoot

A potentially dangerous Request.Form value was detected from the client

One of the error I am getting when performing a form post with HTML tags in .Net.

Solutions

Web.config


One of the StackOverflow 150+ voted answer was this. 

<httpRuntime requestValidationMode="2.0" />

Put this in the Web.config and it will work. It is not my taste to change a site wide config for a form post though. I potentially want to block all other requests that post potentially dangerous HTML tags but except my Simple method.

ValidateInput = false


One of the simple solution available on the net is this. Set ValidateInput to false.



This works, but it potentially allowing the post not to check validation. I think I can still do better!!

AllowHtml


Potentially, I am setting AllowHtml attribute to a field that I would allow html. Everything else stay away.





No comments:

Post a comment