ValidateRequest="false" is required
(a) if you want to Html.Encode, and/or
(b) if you want to allow "<"
ASP.NET in general, by default, protects against black hat hackers and
script kiddies entering malicious code into your textboxes.
By forcing developers to use ValidateRequest="false" Microsoft is protecting people against
the wicked people "out there". Microsoft is also likely protecting Microsoft from
frivolous lawsuits.
To disable request validation for your application, you must modify or create a Web.config file for your application and set the validateRequest attribute of the
<pages /> section to
false
:
Disabling request validation on a page
To disable request validation on a page you must set the
validateRequest
attribute of the
Page directive to
false
Regards,
Gerry (Lowry)
B-) Please help me by completing my school survey about computer programmers on my website. Thank you!!! Gerry Lowry +1 705-429-7550 wasaga beach, ontario, canada
Thanks every one,
It look like that what I need is a Validate that pop up a message that say "
Illegal character "
And display the character them self , how do I do that?
B-) Please help me by completing my school survey about computer programmers on my website. Thank you!!! Gerry Lowry +1 705-429-7550 wasaga beach, ontario, canada
Marked as answer by ricka6 on Nov 02, 2009 07:23 PM
AssafG
Member
2 Points
5 Posts
ignore a html tags in user text area
Nov 01, 2009 08:14 AM|LINK
hi,
I'm building my very first mvc project I'm having this problem
i have a text area for users to write same text ,
more or less in a twiter style site
how ever in this text area if the user write same html tags (like <p> , br/> and so on I'm getting this Error :
A potentially dangerous Request.Form value was detected from the client (status="...efor tags <br><br/> <p>").
I would like to have same valuator that just ignore any html tags that where written by user
How do I approach this ?
AssafG
Member
2 Points
5 Posts
Re: ignore a html tags in user text area
Nov 01, 2009 08:22 AM|LINK
Sorry I don’t know why the error was not include in the original massage
Here it is
A potentially dangerous Request.Form value was
detected from the client
(status="...efor tags <br><br/> <p>").
").
shawpnendu
Contributor
4275 Points
749 Posts
Re: ignore a html tags in user text area
Nov 01, 2009 08:41 AM|LINK
Add the tag in your page directive : ValidateRequest="false" will resolve your problem.
MCTS
http://shawpnendu.blogspot.com
AssafG
Member
2 Points
5 Posts
Re: ignore a html tags in user text area
Nov 01, 2009 09:01 AM|LINK
<% Html.BeginForm( ); %> <label id="statusLabel" for="status">Write your vort</label> <div id="sdiv"></div> <textarea id="userTextBox" name="status" cols="80" rows="2" ></textarea><br /> <button type="submit" >Update</button> <% Html.EndForm(); %>Hi, thanks
Non of the above tags except this
This is the code I'm using
gerrylowry
All-Star
20577 Points
5721 Posts
Re: ignore a html tags in user text area
Nov 01, 2009 12:07 PM|LINK
You need to do or at least read this tutorial:
#29 | Preventing JavaScript Injection AttacksView in VB or C#
ValidateRequest="false" is required
(a) if you want to Html.Encode, and/or
(b) if you want to allow "<"
ASP.NET in general, by default, protects against black hat hackers and script kiddies entering malicious code into your textboxes.
By forcing developers to use ValidateRequest="false" Microsoft is protecting people against the wicked people "out there". Microsoft is also likely protecting Microsoft from frivolous lawsuits.
see also http://www.asp.net/learn/whitepapers/request-validation/
Disabling request validation for your application
To disable request validation for your application, you must modify or create a Web.config file for your application and set the validateRequest attribute of the
:<pages />section toDisabling request validation on a page
To disable request validation on a page you must set the
attribute of the Page directive toRegards,
Gerry (Lowry)
devilfeng
Member
60 Points
16 Posts
Re: ignore a html tags in user text area
Nov 02, 2009 12:22 AM|LINK
you can add attribute ValidataInput(false) at controller, and if need display this text area content on page, need Html.Encode()...
AssafG
Member
2 Points
5 Posts
Re: ignore a html tags in user text area
Nov 02, 2009 08:16 AM|LINK
Thanks every one,
It look like that what I need is a Validate that pop up a message that say "
Illegal character "
And display the character them self , how do I do that?
gerrylowry
All-Star
20577 Points
5721 Posts
Re: ignore a html tags in user text area
Nov 02, 2009 03:35 PM|LINK
You do not need a popup ... standard ASP.NET MVC validation is better imo ... here are the tutorial links:
http://www.asp.net/learn/mvc/#MVC_Validation
ASP.NET MVC Validation
Regards,
Gerry (Lowry)
AssafG
Member
2 Points
5 Posts
Re: ignore a html tags in user text area
Nov 03, 2009 07:40 AM|LINK
thanks a lot Gerry ,
this is what i needed