The issue
was, when user enters unenclosed HTML content into a comment text box s/he got
something like the following error message:
"A potentially dangerous Request.Form value
was detected from the client".
This was because .NET detected something in the entered text which looked like an HTML statement. Then I got a link Request Validation that is a feature put in place to protect your application cross site scripting attack and followed accordingly.
To disable request validation, I added the following to the existing "page" directive in that .aspx file.
validateRequest="false"
Like this
<%@ Page
Language="C#"
AutoEventWireup="true"
CodeFile="Login.aspx.cs"
Inherits="Login"
validateRequest="false" %>
But still
I got the same error.
Later I found, for .NET 4, we need to add requestValidationMode="2.0" to the httpRuntime configuration section of the web.config file like the following:
Later I found, for .NET 4, we need to add requestValidationMode="2.0" to the httpRuntime configuration section of the web.config file like the following:
<httpRuntime requestValidationMode="2.0"/>
But if there is no httpRuntime section in the web.config file, then this goes inside the
If anyone wants to turn off request validation for globally user, the following line in the web.config file within
<pages validateRequest="false" />
No comments :
Post a Comment