Why Getting 'A Potentially Dangerous Request...' Error?

  • Thread starter Thread starter Anil Kripalani
  • Start date Start date
A

Anil Kripalani

When a user of our ASP.NET 1.1 application submits a form with the phrase
'manuscript:' in a text field, ASP returns the error 'A potentially
dangerous Request.Form value was detected from the client
(182:BodyField="manuscript: hello").' Why is this seemingly innocent text
triggering this error?

Thanks,
Krip
 
"...manuscript: ....."
is similar to
".....javascript: ....."
Thinks it's a javascript function
 
To be clear-- there are quite a few protocol strings (javascript: vbscript:
mocha: etc etc) which are supported by the universe of browsers. The HTML
InputValidation routines are pretty broad in order to avoid missing things.

--
Thanks,

Eric Lawrence
Program Manager
Assistance and Worldwide Services

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Back
Top