A potentially dangerous Request.Form value was detected from the client in asp.net

Introduction:

In this post I will explain how to solve the problem “A potentially dangerous Request.Form value was detected from the client in ASP.NET WebForms” using asp.net.

Description: 

In previous post I explained clearly about Rich textbox sample in asp.net . After completion code if I try to insert some html formatted data in database using rich textbox I got error like “A potentially dangerous Request.Form value was detected from the client in ASP.NET WebForms”

Sample data I used to insert in database

<html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title>Untitled Page</title> </head> <body> <form id="form1" runat="server"> <div> </div> </form> </body> </html>

After enter the above formatted html data in Rich Textbox and I tried to insert data then I got error message like

Server Error in ‘/RichTextboxSample’ Application. A potentially dangerous Request.Form value was detected from the client (remarks =”<html></html>”) Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (remarks="<html></html>5678,<c…"). Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

This error occurs during insertion of html format data into database to eliminate this error we need to set ValidateRequest="false" in @Page line of web page or web.config file to solve security problems.

To solve this problem we need to add the ValidateRequest="false" in @Page line of web page like this

WebForms

<%@ Page Language="C#" AutoEventWireup="true"  CodeFile="Default.aspx.cs" Inherits="_Default" ValidateRequest="false" %>

In this way we need to set ValidateRequest="false" in required pages otherwise we can set it globally to work for all the pages without having this error we need to add ValidateRequest="false" in web.config file under system.web section like this

Web.Config

<system.web> ……………………… <pages validateRequest="false"> </pages> ……………………… </system.web>

After set this property in webpage or web.config my problem has sovled and my code works perfectly. I hope it helps to solve your problem.

Happy Coding………