TechQA.

Alternative to ValidateRequest="false"

17k views Asked by At

Is there a way to prevent the error "A potentially dangerous Request.Form value was detected from the client" other than setting ValidateRequest="false"?

Update: I removed the "on the page" part. I'd like to not use ValidateRequest="false" at all, on the page or in web.config.

asp.net http-post validate-request
Original Q&A
4

There are 4 answers

0
Aghilas Yakoub On

1 You can also add javascript validation on your input

2 You can Add Custom Validator

1
magnattic On

Check out the new ASP.NET 4.5 request validation features.

If you set 

<httpRuntime requestValidationMode="4.5" ... />

in your web.config, values will only get validated when you access them. This is called deferred validation.

Also you can get unvalidated values via 

var s = context.Request.Unvalidated.Form["forum_post"];
0
AudioBubble On

You can disable it for the entire application by editing the web.config file

<configuration>
   <system.web>
      <pages validateRequest="false" />
   </system.web>
</configuration>

It would help to know if you want to just suppress the error, or if you want to prevent it from being raised to start with. If you want to prevent it, sanitize your input (using javascript or validators) before submitting the form.

0
Darren Wainwright On

Yep, you can do it globally in the web.config.

If you're running .net 4.0 you can add this into your web.config

<httpRuntime requestValidationMode="2.0"/>

Or you could add this instead

<pages validateRequest="false" />

Related Questions in ASP.NET

Related Questions in HTTP-POST

Related Questions in VALIDATE-REQUEST

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions