+2  Q: 

Form Post Error

Can anyone explain what might be causing this error? I'm thinking it's the quotes.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$ContentPlaceHolder1$DetailsView1$txtContent="...l economy.<br /><br />The Prop...").
A: 

That would be the '<' and '>'.

EDIT: It's assumed that including html entries in form responses is intended as an attack on the server on which the form resides. So, by default, any code that resembles html (i.e. includes '<' or '>') is automatically flagged as a problem.

One way to resolve this is to turn off this type of validation by setting validateRequest="false" in the Page directive for that page, but there are other (and better) ways to work around that.

Here's some information from Microsoft about this issue.

Michael Todd
Changing validateRequest to false is a dangerous move and shouldn't be done without knowing the risks to your users, site and systems. The URL does have some good information about how to work with the issues.
Coding Monkey
A: 

It's the HTML "<br/>" tags.

Here's an article with a brief explanation. It also shows you how to work around it by turning off validation. Though I guess that would be a bit dangerous to just turn it off.

David Archer
A: 

It actually should be

<br /><br />

it complains about.

Sani Huttunen
+1  A: 

The contents of a control (probably a textbox) contain what ASP.NET considers to be markup, e.g.:

<br /><br />

You can add ValidateRequest="false" to the Page directive in your .aspx file as follows:

<%@ Page ........ ValidateRequest="false" ........ %>

As other answers noted, ASP.NET is doing this to try and protect you from potentially malicious input, so make sure you're aware of the risk and encode/decode user data appropriately.

Rob
Is it OK to set this to false in a production environment?
madphp
If you're happy that the controls on that page *should* be submitting content that contains markup or content that *looks like* it contains markup, then yes. There are no performance risks; it's an ASP.NET-implemented safeguard.
Rob
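
Added example, not code from any of the answers: one way to follow the "encode user data" advice once ValidateRequest is off for a page, assuming the form is only ever expected to carry <br /> line breaks. SafeContent and Render are hypothetical names, and the sample strings are constructed.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

// Added example: output helper for a page that runs with ValidateRequest="false".
// SafeContent and Render are hypothetical names, not part of ASP.NET.
public static class SafeContent
{
    // After encoding, a line break typed as <br>, <br/> or <br /> reads
    // "&lt;br /&gt;". Only that exact shape is turned back into markup;
    // a <br> carrying attributes does not match and stays encoded.
    private static readonly Regex EncodedBr =
        new Regex(@"&lt;br\s*/?&gt;", RegexOptions.IgnoreCase);

    public static string Render(string raw)
    {
        if (string.IsNullOrEmpty(raw)) return string.Empty;

        // 1. Encode everything, so no submitted character is live markup.
        string encoded = WebUtility.HtmlEncode(raw);

        // 2. Re-enable the single tag this form is expected to contain.
        return EncodedBr.Replace(encoded, "<br />");
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample inputs: the kind of text from the question,
        // a tag that must never be rendered, and a <br> with an attribute.
        string[] samples =
        {
            "The local economy.<br /><br />The proposal",
            "<script>alert(1)</script>",
            "<br onmouseover=\"x()\">"
        };

        foreach (string s in samples)
            Console.WriteLine(SafeContent.Render(s));
    }
}
```

Store the submitted text unmodified and call the helper at the point where the content is written into the page, so every display path goes through the same encoding step.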
+1  A: 

I think you can take a look at this: "A potentially dangerous Request.Form value was detected"

RioTera
A: 

My idea: allow this exception to be thrown. Use the Application_Error handler to write code that redirects the user (using Response.Redirect - this is important, since this gives the user's browser the ability to go back) to a custom error page. On this page, write some text explaining that the user had entered some text incorrectly. Something like:

"Dear user, you have entered some invalid text, like “<” or “.”. Please, enter text using only characters and numbers".

Put a link on that page, and this link can contain a javascript "back" command:

href="javascript: history.go(-1)"

After clicking such a link, users will be redirected by their browsers to the previous page, where they can re-edit their input.

smok1