How to handle request validation exception
-
Hi All I have the following code <%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %> <script language="C#" runat="server"> protected void button1_Click(object sender, EventArgs e) { try { TextBox1.Text = (TextBox1.Text + "<strong></strong>"); Label1.Text = (TextBox1.Text); } catch (System.Web.HttpRequestValidationException) { Response.Write("html is not allowed"); } } </script> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title>Untitled Page</title> </head> <body> <form id="form1" runat="server"> <div> <asp:TextBox ID="TextBox1" runat="server" TextMode="MultiLine" Height="300px" Width="400px"></asp:TextBox> </div> <asp:Button ID="button1" runat="server" Text="strong" onclick="button1_Click" /> <asp:Label ID="Label1" runat="server"></asp:Label> </form> </body> </html> If i click on button twice I am getting request validation exception which I want to catch. The error which I am getting is ************************************************************************* Server Error in '/TextControlOnSite' Application. -------------------------------------------------------------------------------- A potentially dangerous Request.Form value was detected from the client (TextBox1="<strong></strong>"). Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (TextBox1="<strong></strong>"). Source Error: [No relevant source lines] Source File: c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\textcontrolonsite\d5a3eadf\30926e30\App_Web_rwvmmuiv.0.cs Line: 0 Stack Trace: [HttpRequestValidationException (0x80004005): A poten
-
Hi All I have the following code <%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %> <script language="C#" runat="server"> protected void button1_Click(object sender, EventArgs e) { try { TextBox1.Text = (TextBox1.Text + "<strong></strong>"); Label1.Text = (TextBox1.Text); } catch (System.Web.HttpRequestValidationException) { Response.Write("html is not allowed"); } } </script> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title>Untitled Page</title> </head> <body> <form id="form1" runat="server"> <div> <asp:TextBox ID="TextBox1" runat="server" TextMode="MultiLine" Height="300px" Width="400px"></asp:TextBox> </div> <asp:Button ID="button1" runat="server" Text="strong" onclick="button1_Click" /> <asp:Label ID="Label1" runat="server"></asp:Label> </form> </body> </html> If i click on button twice I am getting request validation exception which I want to catch. The error which I am getting is ************************************************************************* Server Error in '/TextControlOnSite' Application. -------------------------------------------------------------------------------- A potentially dangerous Request.Form value was detected from the client (TextBox1="<strong></strong>"). Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (TextBox1="<strong></strong>"). Source Error: [No relevant source lines] Source File: c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\textcontrolonsite\d5a3eadf\30926e30\App_Web_rwvmmuiv.0.cs Line: 0 Stack Trace: [HttpRequestValidationException (0x80004005): A poten
The solution is present in your exception itself. put
validateRequest="false"in your<%@ Pagedirective This will solve your problem. Try google and you will know why this exception occurs while posting back.Anurag Gandhi. http://www.gandhisoft.com Life is a computer program and every one is the programmer of his own life.
-
Hi All I have the following code <%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %> <script language="C#" runat="server"> protected void button1_Click(object sender, EventArgs e) { try { TextBox1.Text = (TextBox1.Text + "<strong></strong>"); Label1.Text = (TextBox1.Text); } catch (System.Web.HttpRequestValidationException) { Response.Write("html is not allowed"); } } </script> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title>Untitled Page</title> </head> <body> <form id="form1" runat="server"> <div> <asp:TextBox ID="TextBox1" runat="server" TextMode="MultiLine" Height="300px" Width="400px"></asp:TextBox> </div> <asp:Button ID="button1" runat="server" Text="strong" onclick="button1_Click" /> <asp:Label ID="Label1" runat="server"></asp:Label> </form> </body> </html> If i click on button twice I am getting request validation exception which I want to catch. The error which I am getting is ************************************************************************* Server Error in '/TextControlOnSite' Application. -------------------------------------------------------------------------------- A potentially dangerous Request.Form value was detected from the client (TextBox1="<strong></strong>"). Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (TextBox1="<strong></strong>"). Source Error: [No relevant source lines] Source File: c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\textcontrolonsite\d5a3eadf\30926e30\App_Web_rwvmmuiv.0.cs Line: 0 Stack Trace: [HttpRequestValidationException (0x80004005): A poten
Why do you want to catch exception at server side.. you can do it by custom validator also but if you want to do it server side only... put ValidateRequest="false" in page attribute.. Now .Net allow this request to go server side.Now make your handler to throw some exception according to your need and show the message accordingly..
Cheers!! Brij