ValidateRequest="false" error

  • Thread starter Thread starter Martin Colmenares
  • Start date Start date
M

Martin Colmenares

After I set my <%@ page ValidateRequest="false" %> , I still get the
error illustrated below. The msdn mentioned something about filtering
using the HTMLEncode. This is a snippet of the code that should display
the result.

</head>
<body MS_POSITIONING="GridLayout" bgcolor="gainsboro">
<form id="Form1" method="post" runat="server">
<INPUT style="Z-INDEX: 101; LEFT: 248px; POSITION:absolute; TOP:184px"
type="button" value=" OK " onclick="OnOK();" tabindex="3">
<INPUT style="Z-INDEX: 102; LEFT: 304px; POSITION:absolute; TOP:184px"
type="button" value="Cancel" onclick="OnCancel();" tabindex="4">
<TEXTAREA id="Description" style="Z-INDEX: 103; LEFT: 56px; WIDTH:320px;
POSITION: absolute; TOP: 88px; HEIGHT: 70px" rows="4" cols="37"
tabindex="2"></textarea>
<DIV style="DISPLAY: inline; FONT-WEIGHT: bold; Z-INDEX: 104; LEFT:24px;
WIDTH: 296px; POSITION: absolute; TOP: 56px; HEIGHT: 24px"
ms_positioning="flowlayout">description
of changes:</div>
<DIV style="DISPLAY: inline; FONT-WEIGHT: bold; Z-INDEX: 105; LEFT:24px;
WIDTH: 70px; POSITION: absolute; TOP: 24px; HEIGHT: 15px"
ms_positioning="flowlayout">revision:</div>
<INPUT id="Revision" style="Z-INDEX: 106; LEFT: 112px;
POSITION:absolute; TOP: 24px" type="text" tabindex="1">
</form>
</body>





Server Error in 'name of app' Application.
------------------------------------------------------------------------
--------

A potentially dangerous Request.Form value was detected from the client
(RevisionHistoryTable=" <TABLE border=1 styl...").
Description: Request Validation has detected a potentially dangerous
client input value, and processing of the request has been aborted. This
value may indicate an attempt to compromise the security of your
application, such as a cross-site scripting attack. You can disable
request validation by setting validateRequest=false in the Page
directive or in the configuration section. However, it is strongly
recommended that your application explicitly check all inputs in this
case.

Exception Details: System.Web.HttpRequestValidationException: A
potentially dangerous Request.Form value was detected from the client
(RevisionHistoryTable=" <TABLE border=1 styl...").

Source Error:

An unhandled exception was generated during the execution of the current
web request. Information regarding the origin and location of the
exception can be identified using the exception stack trace below.

Stack Trace:


[HttpRequestValidationException (0x80004005): A potentially dangerous
Request.Form value was detected from the client (RevisionHistoryTable="
<TABLE border=1 styl...").]
System.Web.HttpRequest.ValidateString(String s, String valueName,
String collectionName) +230

System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection
nvc, String collectionName) +99
System.Web.HttpRequest.get_Form() +121
System.Web.UI.Page.GetCollectionBasedOnMethod() +70
System.Web.UI.Page.DeterminePostBackMode() +47
System.Web.UI.Page.ProcessRequestMain() +2106
System.Web.UI.Page.ProcessRequest() +218
System.Web.UI.Page.ProcessRequest(HttpContext context) +18

System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutio
nStep.Execute() +179
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, boolean&
completedSynchronously) +87
 
Back
Top