What's the best way to get round a 'Potentially Dangerous Request' error in asp.net?

views:

120

answers:

+3 Q:

What's the best way to get round a 'Potentially Dangerous Request' error in asp.net?

The project I am currently working on has, in the checkout, an option to attach an embedded YouTube video to an advert.

This is causing a headache:

My original plan was to take the embed html that the user provides from YouTube and split out the videoID, and store only that, rejecting anything that does not fit a certain pattern, to ensure there's no dodgy business.

Unfortunately, the ASP.net validation is catching the html before it gets sent back to me for processing, is there any way other than turning off validation to get around this?

I can deal with the unsecure html myself, and there are too many other controls on the page to justify turning off validation.

Cheers, Ed

+2 A:

Turning off the ValidateRequest flag is the only way to allow for .net to accept the data.

One alternative may be to use javascript to encode the input and have the page post the encoded data instead of the raw html.

Another alternative is to have a blank page with your control and a "submit" button within an iframe on the main page. That way you only need to turn off validation for that page and therefore that control. Styling can be an issue here though.

Robin Day 2009-06-17 11:41:35

If you are only interested in the video ID from YouTube, could you not just get the user to enter the YouTube URL then extract the video ID from the querystring? Then you wouldn't have to worry about the page validation issues at all.

Ian Oxley 2009-06-17 12:05:43

yeah, at some point in the design it was decided that it would be better if people put the embed control in...I'd have prefered to do it the way you said, but it's not my call.

Ed Woodcock 2009-06-17 12:18:50

ansaurus

tags:

views:

answers:

What's the best way to get round a 'Potentially Dangerous Request' error in asp.net?

related questions