HANDLING AN 'A POTENTIALLY DANGEROUS REQUEST.FORM VALUE WAS DETECTED' EXCEPTION WITHOUT DEACTIVATING VALIDATION

Posted by jacob rasel

I am creating an ASP.NET application using C# for the scripting language. When I enter HTML code into the textboxes on my webpage I get the following exception 'A potentially dangerous Request.Form value was detected', as expected. I would like to be able to catch this exception so that I can put an error message out to the user, but I can only find articles on how to disable the validation; this is not something I'd like to do. Does anybody know where in the ASP.NET page lifecycle this exception would have to be handled, as I am having trouble catching it.

 

Thank you.

  1. Hugh Jackman

    Re: Handling an 'A potentially dangerous Request.Form value was detected' exception without deactivating validation

    To allow the HTML characters, you need to change the attribute value of the page directive:

    <%@ Page ValidateRequest="false" %>

    You can apply this at the global level via the web.config file, inside the <system.web> section:

    <pages validateRequest="false" />

  2. Norman Reedus

    Re: Handling an 'A potentially dangerous Request.Form value was detected' exception without deactivating validation

    I don't know 100% if this would work, but I do something similar for other situations, so I think it will. Try adding an Application_Error handler in Global.asax and look for that exception type; if Server.GetLastError() returns that exception type, try redirecting to your error page. I don't know what the exception type is, but that is easy to find (or just check the message).

     

    Something like:

     

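    void Application_Error(object sender, EventArgs e)
    {
        var ex = Server.GetLastError();

        // Request validation throws System.Web.HttpRequestValidationException
        // (or check that ex.Message matches).
        if (ex != null && ex is HttpRequestValidationException)
        {
            Server.ClearError(); // mark the error as handled before redirecting
            HttpContext.Current.Response.Redirect("niceerrorpage.aspx");
        }
    }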
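
A fuller version of the Application_Error approach from the reply above, added here as an example and not part of the original thread: it looks for System.Web.HttpRequestValidationException anywhere in the exception chain and answers with a fixed message and a 400 status, with request validation left switched on. The `FindInChain` helper and the response text are assumptions made for illustration.

```csharp
// Global.asax.cs: added example; helper name and response text are constructed.
using System;
using System.Web;

public class Global : HttpApplication
{
    // ASP.NET can wrap the original exception (for example in
    // HttpUnhandledException), so walk the InnerException chain.
    private static T FindInChain<T>(Exception ex) where T : Exception
    {
        for (Exception cur = ex; cur != null; cur = cur.InnerException)
        {
            T match = cur as T;
            if (match != null) return match;
        }
        return null;
    }

    protected void Application_Error(object sender, EventArgs e)
    {
        var rejected = FindInChain<HttpRequestValidationException>(Server.GetLastError());
        if (rejected == null) return; // leave other errors to the normal error handling

        // Log server-side only. The exception message quotes part of the
        // rejected input, so it is never written into the response.
        // AbsolutePath is percent-encoded, which keeps the log line intact.
        System.Diagnostics.Trace.TraceWarning(
            "Request validation rejected input for {0}", Request.Url.AbsolutePath);

        Server.ClearError();                    // suppress the default error page
        Response.Clear();
        Response.StatusCode = 400;              // client sent a bad request
        Response.TrySkipIisCustomErrors = true; // keep IIS from replacing the body
        Response.ContentType = "text/html";
        Response.Write("<p>Your input contained characters that are not allowed " +
                       "(for example HTML tags). Please go back, remove them and try again.</p>");
        CompleteRequest();                      // end the request without Response.End()
    }
}
```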
