CODEDIGEST
Home » CodeDigest
Search
 

Technologies
 

HTML Input and Input Validation through ValidateRequest in ASP.Net
Submitted By Satheesh Babu B
On 10/25/2008 8:48:14 PM
Tags: asp.net,CodeDigest  

 HTML Input and Input Validation through ValidateRequest in ASP.Net

 

When we input some html text in a TextArea or TextBox and post it to the server we will get the following error.

 

A potentially dangerous Request.Form value was detected from the client.

 

This is because; By default, every request to ASP.Net is validated for Cross Site Scripting attack. To allow users to enter HTML text, we can either set validateRequest=false in the Page directive or in the configuration section. When we set this attribute to false, we need to ensure explicitly that the input is safe through our code. To ensure, we need to encode the input through HtmlEncode() method in HttpUtility class. Refer the below code.

 

HttpUtility.HtmlEncode(txtTitle.Text)

 

It is better to set this attribute in Page attribute wherever required. Setting this in Web.Config will disable request validation for the whole site.

 

We can also disable the request validation for a set of pages inside a folder in the website through the <location> tag.

 

  <!-- For HTML Comments  -->

  <location path="Articles">

    <system.web>

      <pages validateRequest="false"/>

    </system.web>

  </location>

 

Note

The location element should be placed outside of the <system.web> element.

 

 
Do you have a working code that can be used by anyone? Submit it here. It may help someone in the community!!
Recent Codes
  • Convert DateTime to Different TimeZone in C#, ASP.Net
    		•
  • Get Month Name and Day name for a Date in C#, ASP.Net
    		•
  • Format DateTime based on Country or Culture in C#, ASP.Net
    		•
  • Get All Language-Country Code List for all Culture in C#, ASP.Net
    		•
  • How to strip HTML tags, HTML Encode and Decode HTML string using jQuery/JavaScript in ASP.Net?
    		•
  • How to search a folder or file under a directory using wildcard in C#?
    		•
  • Disable or Make a ListItem Non selectable ASP.Net DropDownList
  • Block or Disable Cut, Copy and Paste operation in ASP.Net TextBox Using jQuery
    		•
  • How to split string using C#?
    		•
  • How to check if a String is Integer in C#? (Part 2)
    		•
    View All Codes..
     
    www.codedigest.com. All articles are posted "AS IS" with no warranties. All articles are posted for educational purpose only and individual authors are responsible for their article. Please mail admin@codedigest.com for any queries or compliants.
    Disclaimer  Terms and Condition  Privacy Policy  Contact Us   Our network websites: ChennaiOnNet.Com