Error Message:
System.Web.HttpRequestValidationException: A potentially dangerous Request.QueryString value was detected from the client (xx="xxxxx")
For a detailed discussion of .NET request validation, see http://dotnetfish.blogspot.com/2007/08/systemwebhttprequestvalidationexception.html
By default, .NET validates input (Form and QueryString). Input containing special tags (HTML, JavaScript, etc.) causes the error message shown above.
Usage for .NET Request Validation:
This validation can help to prevent "Script Injection".
To turn off the validation (not encouraged), change:
<%@Page ... validateRequest="true"%> to <%@Page ... validateRequest="false"%>
Solve the problem:
Set ValidateRequest="true" and HtmlEncode the input.
For example:
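// Request.QueryString["title"] is already a string (null if the parameter is absent), so calling ToString() on it would throw when the parameter is missing.
title = Server.HtmlEncode(Request.QueryString["title"]);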
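
The same encoding step as a stand-alone C# console program, added here as an illustration and not part of the original post. RenderTitle and the sample query strings are hypothetical, and the program assumes System.Web.HttpUtility is available (System.Web.dll on .NET Framework, built in on .NET Core 2.0 and later).

```csharp
using System;
using System.Collections.Specialized;
using System.Web; // HttpUtility (assumed available, see the note above)

static class TitleRenderingDemo
{
    // Hypothetical helper: builds the HTML fragment a page would emit for ?title=...
    static string RenderTitle(NameValueCollection query)
    {
        // The indexer returns null when the parameter is absent; fall back to an empty string.
        string raw = query["title"] ?? string.Empty;

        // Encode at the point of output. <, >, & and quotes become entities,
        // so the value is inert in element content and in a double-quoted attribute.
        // HtmlEncode is not sufficient for values placed inside <script> blocks or URLs.
        string safe = HttpUtility.HtmlEncode(raw);
        return "<h1 title=\"" + safe + "\">" + safe + "</h1>";
    }

    static void Main()
    {
        // Constructed sample query strings, not taken from real traffic.
        string[] samples =
        {
            "title=Quarterly+report",                    // plain text passes through unchanged
            "title=%3Cscript%3Ealert(1)%3C%2Fscript%3E", // markup is rendered as text
            "title=Tom+%26+%22Jerry%22",                 // ampersand and quotes are encoded
            "page=2"                                     // no title parameter at all
        };

        foreach (string qs in samples)
        {
            // ParseQueryString URL-decodes the values, as Request.QueryString does.
            NameValueCollection query = HttpUtility.ParseQueryString(qs);
            Console.WriteLine(RenderTitle(query));
        }
    }
}
```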