May 12, 2014 by Nitesh

Solution: A potentially dangerous Request.Form value was detected from the client in asp.net

Friends,

When posting HTML characters to an ASP.Net page, we normally get this error as – “A potentially dangerous Request.Form value was detected from the client in asp.net“. This post explains how to resolve this problem. To resolve this problem on a single page, you can set the “validateRequest” property of a page to false as shown below.

 < %@ Page Title="PotentialDangerous Page" ValidateRequest="false" Language="C#" MasterPageFile="~/Site.master" AutoEventWireup="true" CodeBehind="PotentialDangerous.aspx.cs" Inherits="TestProject.PotentialDangerous"%>

In case you want to set it for the entire application, you can set the property for all pages under System.Web section in web.config file of the application as below.

 < pages validateRequest = "false" />

The above mentioned solution works for solutions that are not targeting .Net 4.0 and higher. If you are using .Net 4.0 or higher, you need to add another setting in your web.config file under the <system.web> node as below.

 < httpRuntime requestValidationMode="2.0" />

In case you want this to be restricted only on a specific page of your website and not the rest of the website, you should put the following under <configuration> tab –

    
  
    
      
      
    
  
    
  

Hope this helps! Keep learning and sharing! Cheers!

#ASP.Net#Errors#Troubleshooting
  • What are you doing? This is extremely dangerous from the security point of view. This will make the entire website vulnerable to XSS attacks.
    Also this is not an error. Common users will not encounter this. There are many safer workarounds for this like [AllowHtml] attributes. Use

    • This is just a workaround to ensure the page allows HTML values. It can be done at page level as explained.

Support us!

If you like this site please help and make click on any of these buttons!

Powered by WordPress Popup