Services
Technology Web App Development Mobile App Development Windows App Development Database Development UI/UX Development Cloud Development SEO Digital Marketing Guest Posting Content Writing Artificial Intelligence Data Science ERP Development CRM Development CMS Development LMS Development Business Listing Blockchain Technology Startup Promotion
Products
Data Converter Cleaner TUC - Unit Converter Import Export Survey Manager Tweet Controller
Developer
Article Blog Forum Interview Beginner News Startup Quiz
Users
Career
Apply Job Internship
Pricing
Login Sign Up Get a Quote

forum

home / developersection / forums / handling an 'a potentially dangerous request.form value was detected' exception without deactivating validation
Ask Question

Handling an 'A potentially dangerous Request.Form value was detected' exception without deactivating validation

Anonymous User 3174 19 Dec 2014

I am creating an ASP.NET application using C# for the scripting language. When I enter HTML code into the textboxes on my webpage I get the following exception 'A potentially dangerous Request.Form value was detected', as expected. I would like to be able to catch this exception so that I can put an error message out to the user, but I can only find articles on how to disable the validation; this is not something I'd like to do. Does anybody know where in the ASP.NET page lifecycle this exception would have to be handled, as I am having trouble catching it.

 

Thanks you.

asp.net c#exception handlingvalidation
Updated 20 Dec 2014
Anonymous User
Anonymous User

Other

I am a content writter !

Message

2 Answers

Norman Reedus
Norman Reedus 20 Dec 2014
Report Abuse

I don't know 100% if this would work, but I do something similar for other situations, so I think it will. But try adding an Application_error handler in the global.asax, and look for that exception type, if Server.GetLastError() returns that exception type, try redirecting to your error page. I don't know what the exception type is, but that is easy to find (or just check the message). 

Something like: 

void Application_Error(..)
{
   var ex =Server.GetLastError();
   if (ex != null && ex is <whateverexceptiontype>) { // or check ex.Message matches
    
HttpContext.Current.Response.Redirect("niceerrorpage.aspx")
   }
}

Anonymous User
Anonymous User 20 Dec 2014
Report Abuse

to allow the html character you need to

change the attribute value of page directive <%@ Page ValidateRequest="false" you can apply this as global level via web.config file inside  <system.web> section

 

<pages validateRequest="false" />

advertising