I have an ASP.NET site. I would like to know how to handle this error gracefully when a user enters and submits an illegal character (XSS attack).

"A potentially dangerous Request.Form value was detected from the client (ctl00$TextBox1="").........etc"

I can turn off the requestvalidation attribute and write code to filter the string for illegal characters, but I think it's not good practice to turn it off. I would rather leave this on and catch the error gracefully, say by redirecting the user to another page that would tell him/her about the error. How would you do this?

+1  A: 

This error happens at a higher level on the page, before any of the major processing is handled, and it causes the request to abort.

I believe your only option here is to handle the exception in the Application_Error method within the global.asax and then redirect to a custom error page if needed.

Mitchel Sellers
A: 

Hey,

Handle gracefully, well you would have to do the form checking to find the error yourself, so you would have to do this for each input element or create a component to parse the posted form collection, not an easy task to do... (or at least check the relevant fields).

Then you could redirect to an error page with that message. Alternatively, if you leave it on and, as already mentioned, handle Application_Error (or potentially the OnError method within the page), you could then redirect them to an error page with this message, essentially doing the same thing.

Brian
A: 

Check with JavaScript first, and display an error message instantly. And duplicate this check in the Application_Error event, as Mitchel said.

Vitaly
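
A sketch of the Application_Error approach the answers describe, added here as an example and not code from any of the posters. It keeps request validation enabled and redirects only when the failure is an `HttpRequestValidationException`; the page name `~/InvalidInput.aspx` is a hypothetical placeholder, and that page should show a fixed message without echoing the rejected input.

```csharp
// Global.asax.cs (added example; class and page names are assumptions)
using System;
using System.Web;

public class Global : HttpApplication
{
    // Hypothetical friendly error page; replace with a page in your site.
    private const string ValidationErrorPage = "~/InvalidInput.aspx";

    protected void Application_Error(object sender, EventArgs e)
    {
        // The validation exception may arrive directly or wrapped in
        // another exception, so walk the InnerException chain.
        Exception ex = Server.GetLastError();
        while (ex != null && !(ex is HttpRequestValidationException))
        {
            ex = ex.InnerException;
        }

        if (ex == null)
        {
            // Not a request validation failure: leave it to the
            // normal error handling (customErrors, logging, etc.).
            return;
        }

        // Mark the error as handled so the default error page is not shown.
        Server.ClearError();

        // Redirect without aborting the thread, then end the request cleanly.
        Response.Redirect(ValidationErrorPage, false);
        Context.ApplicationInstance.CompleteRequest();
    }
}
```

A client-side JavaScript check, as suggested in the last answer, only improves the user experience; the server-side validation and this handler remain the actual control.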