Home > DeveloperSection > Forums > Handling an 'A potentially dangerous Request.Form value was detected' exception without deactivating validation
jacob rasel
jacob rasel

Total Post:88

Points:616
Posted on    December-19-2014 10:36 PM

 ASP.Net C#  Exception Handling  Validation 
Ratings:


 2 Reply(s)
 1194  View(s)
Rate this:

I am creating an ASP.NET application using C# for the scripting language. When I enter HTML code into the textboxes on my webpage I get the following exception 'A potentially dangerous Request.Form value was detected', as expected. I would like to be able to catch this exception so that I can put an error message out to the user, but I can only find articles on how to disable the validation; this is not something I'd like to do. Does anybody know where in the ASP.NET page lifecycle this exception would have to be handled, as I am having trouble catching it.

 

Thanks you.



Hugh Jackman
Hugh Jackman

Total Post:52

Points:366
Posted on    December-20-2014 5:48 AM

to allow the html character you need to

change the attribute value of page directive <%@ Page ValidateRequest="false" you can apply this as global level via web.config file inside  <system.web> section

 

<pages validateRequest="false" />


Norman Reedus
Norman Reedus

Total Post:45

Points:315
Posted on    December-20-2014 6:31 AM

I don't know 100% if this would work, but I do something similar for other situations, so I think it will. But try adding an Application_error handler in the global.asax, and look for that exception type, if Server.GetLastError() returns that exception type, try redirecting to your error page. I don't know what the exception type is, but that is easy to find (or just check the message).

 

Something like:

 

void Application_Error(..)

{

   var ex = Server.GetLastError();

   if (ex != null && ex is <whateverexceptiontype>) { // or check ex.Message matches

     HttpContext.Current.Response.Redirect("niceerrorpage.aspx")

   }

}


Don't want to miss updates? Please click the below button!

Follow MindStick