ASP.NET: A potentially dangerous Request.Form value was detected from the client

1.1k views Asked by At

I have a client that claims to get the server error "A potentially dangerous Request.Form value was detected from the client"

...and this is likely to be that html is entered and something I need to fix a better way of managing than validateRequest=true.

http://www.aspcode.net/A-potentially-dangerous-RequestForm-value-was-detected-from-the-client.aspx

But my client claims to have entered pure text and no html. What are the validation rules for an error? Only <>? Is there any other charactes I need to look out for?

/Niels

1

There are 1 answers

0
RickNZ On BEST ANSWER

The trigger characters for validate request filtering are less-than and html character escape sequences (&#XX;).

More details here: http://keepitlocked.net/archive/2007/10/30/asp-net-validaterequest-and-the-html-attribute-based-cross-site-scripting.aspx