If you happen to upgrade your .NET Framework to use the .NET 4.0 CLR's version of ASP.NET, then it helps keeping the ASP.NET 4.0 breaking changes document handy.
After the upgrade, most of the users using the Rich-text editors or textboxes to submit HTML data, encounter the following error “Exception type: System.Web. HttpRequestValidationException Exception message: A potentially dangerous Request.Form value was detected from the client“
Now we know about the request validation feature inASP.NET that shields cross-site scripting (XSS) attacks to a certain level. However this level of security changes inASP.NET 4.0 making it stricter in terms of request validation.
As given in the documentation “In ASP.NET 4, by default, request validation is enabled for all requests, because it is enabled before theBeginRequest phase of an HTTP request. As a result, request validation applies to requests for all ASP.NET resources, not just .aspx page requests. This includes requests such as Web service calls and custom HTTP handlers. Request validation is also active when custom HTTP modules are reading the contents of an HTTP request”
To fix this error, open your web.config and add the following setting inside <system.web> as shown here
<system.web> <httpRuntime requestValidationMode="2.0" /> ... rest of your attributes come here
The
<httpRuntime requestValidationMode="2.0" />
disables validation for request data. Although this isn’t particularly a very good fix as it compromises security, I believe it’s the only quick hack available unless you want to float your own custom request validator.Have a nice day... 'N happy Coding :)
No comments:
Post a Comment