A Potentially Dangerous Request.Form Value Was Detected

By Nick | April 11, 2011

ASP.NET automatically checks for HTML being sent by GET or POST requests as a security precaution and throws the following nasty error if it finds any:

A potentially dangerous Request.Form value was detected from the client...

To stop the automatic validation you can add the following to a page directive:

validateRequest="false"

Now you can accept HTML through GET and POST requests and validate the input as required.

This setting will not work in user controls files and should instead be added to the page that references the user control.

The setting can be applied globally to all pages in web.config but should be used with caution:

<system.web>
   <pages validateRequest="false" />
</system.web>

 

This entry was posted in Programming and tagged , . Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

Post a Comment

*
*
*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

* = Required