I have been stuck in the middle of a problem for a week:
System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client
This occurs due to a multiline textbox. To solve this I added a property "Validation Request=false" in the header of the page and in the web.config page. But it has not worked. Please help me out.
I want to save a <span></span> tag with the help of a multiline textbox into a database. It is during that time that this problem occurs. Otherwise it works properly.
And your question is...? – Edwin de Koning, Aug 5, 2011 at 6:32
It worked for FCKeditor but does not work for the multiline text box. – jyoti, Aug 5, 2011 at 6:36
3 Answers
I think you had better encode your HTML before sending it to the database.
Use Server.HtmlEncode(YourTextBoxId.Text);
For example, if your command is like:
cmd.Parameters.AddWithValue("@htmlcodefromtextbox", TextBox1.Text);
try this instead:
cmd.Parameters.AddWithValue("@htmlcodefromtextbox", Server.HtmlEncode(TextBox1.Text));
And if your command is like:
cmd.Parameters.Add("@htmlcodefromtextbox", SqlDbType.Text).Value = TextBox1.Text;
use this instead:
cmd.Parameters.Add("@htmlcodefromtextbox", SqlDbType.Text).Value = Server.HtmlEncode(TextBox1.Text);
I am sure this will do fine.
You need to add EnableEventValidation="false" either in the page directive of the afflicted page or in the web.config.
It isn't advised, however, and enabling it means you should take stringent steps to sanitise the input as much as possible.
Regards
Si
1 Comment
Brian Dishaw
You will open your site to a number of security vulnerabilities by doing so. If you must disable event validation, do so at the page level and not at the site level. Also, you will need to ensure that you sanitize the data coming from the box before displaying it back to the users of your site.
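Added example, not part of the thread: one way to follow the comment above, assuming ASP.NET Web Forms on .NET 4.0 or later and hypothetical names (Editor.aspx, TextBox1, Literal1, SaveButton, a Notes table with a Body column, a connection string named "Db"). Request validation is relaxed for one page only, the value is stored through a parameter, and it is HTML-encoded when displayed.

```csharp
// Editor.aspx (page level only, never site-wide):
//   <%@ Page Language="C#" ValidateRequest="false" CodeFile="Editor.aspx.cs" Inherits="Editor" %>
//
// web.config: on .NET 4.0+ the page directive above is ignored unless the
// 2.0 validation mode is selected, so scope that to the same page:
//   <location path="Editor.aspx">
//     <system.web>
//       <httpRuntime requestValidationMode="2.0" />
//     </system.web>
//   </location>
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Web.UI;

public partial class Editor : Page
{
    // Assumed limit for this example; pick one that matches the column.
    private const int MaxLength = 4000;

    protected void SaveButton_Click(object sender, EventArgs e)
    {
        string raw = TextBox1.Text ?? string.Empty;

        // With the framework check off, input checks are this page's job.
        if (raw.Length > MaxLength)
        {
            Literal1.Text = "Input is too long.";
            return;
        }

        string cs = ConfigurationManager.ConnectionStrings["Db"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand("INSERT INTO Notes (Body) VALUES (@body)", conn))
        {
            // The parameter keeps the markup out of the SQL text.
            cmd.Parameters.Add("@body", SqlDbType.NVarChar, -1).Value = raw;
            conn.Open();
            cmd.ExecuteNonQuery();
        }

        // Encode at the point of output so <span> is shown as text, not rendered.
        Literal1.Text = HttpUtility.HtmlEncode(raw);
    }
}
```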