I have a client that claims to get the server error "A potentially dangerous Request.Form value was detected from the client"
...and this is likely because HTML was entered, which is something I need to find a better way of managing than validateRequest=true.
http://www.aspcode.net/A-potentially-dangerous-RequestForm-value-was-detected-from-the-client.aspx
But my client claims to have entered pure text and no HTML. What are the validation rules for an error? Only <>? Are there any other characters I need to look out for?
/Niels
The trigger characters for validate request filtering are less-than and HTML character escape sequences (&#XX;).
More details here: http://keepitlocked.net/archive/2007/10/30/asp-net-validaterequest-and-the-html-attribute-based-cross-site-scripting.aspx
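
To locate what tripped the filter in a value the user considers plain text, the following added example (not part of the original posts and not ASP.NET's own code) scans a form value and reports the first trigger position. Assumption: the rule in ASP.NET 2.0 and later fires on `<` immediately followed by an ASCII letter, `!`, `/` or `?`, and on the pair `&#`; the class name, method name and sample values are hypothetical.

```csharp
using System;
using System.Collections.Generic;

// Added example: approximates the request-validation trigger rule so a
// rejected "plain text" form value can be diagnosed. Not framework code.
static class RequestValidationDiagnostics
{
    static bool IsAsciiLetter(char c)
    {
        return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
    }

    // Returns the index of the first trigger sequence, or -1 if none is found.
    // Assumed rule: '<' followed by a letter, '!', '/' or '?', or the pair "&#".
    public static int FindTrigger(string value)
    {
        if (string.IsNullOrEmpty(value)) return -1;
        for (int i = 0; i < value.Length - 1; i++)
        {
            char c = value[i], next = value[i + 1];
            if (c == '<' && (IsAsciiLetter(next) || next == '!' || next == '/' || next == '?'))
                return i;
            if (c == '&' && next == '#')
                return i;
        }
        return -1;
    }

    static void Main()
    {
        // Constructed sample values a user might describe as "pure text".
        var samples = new Dictionary<string, string>
        {
            { "comment", "I love this <3" },              // '<' + digit: passes
            { "formula", "if a<b then stop" },            // '<' + letter: rejected
            { "company", "AT&#38;T" },                    // pasted escape: rejected
            { "contact", "Jane <jane@example.com>" },     // '<' + letter: rejected
            { "note",    "5 < 6 & 7 > 2" }                // '<' + space: passes
        };
        foreach (var field in samples)
        {
            int at = FindTrigger(field.Value);
            Console.WriteLine(at < 0
                ? field.Key + ": ok"
                : field.Key + ": trigger at index " + at + " ('" + field.Value.Substring(at, 2) + "')");
        }
    }
}
```

Running the same check over the client's actual input, field by field, shows which field and offset caused the rejection, which is usually a pasted e-mail address, a comparison such as `a<b`, or text copied from a page that contained numeric character references.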