Sunday, October 3, 2010

A potentially dangerous Request.Form value was detected from the client

I had an issue with one of my applications in which ASP.NET was throwing an error like "A potentially dangerous Request.Form value was detected from the client". In my case the error was shown for the encrypted viewstate value on the form. This error cannot be reproduced on IE other than IE6.
If you receive the "A potentially dangerous Request.Form value was detected from the client" error when a PostBack occurs, it is because the PostBack content contains HTML or HTML-like tags. This is ASP.NET's defense mechanism (request validation), which stops users of a website from injecting code into forms as a way to hack into the website.

To fix this, you can set the validateRequest attribute to false, either for the entire ASP.NET web application or for just one page. To disable validateRequest for a single page, go to that page's Page directive (located at the top of the markup) and set ValidateRequest to false, as you can see at the end of the example below:

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="SamplePage.aspx.cs" MasterPageFile="master1.master" Inherits="default" ValidateRequest="false" %>
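
With ValidateRequest="false" in the directive, ASP.NET no longer rejects posted markup, so the page's own code has to treat the posted value as untrusted. The following is an added example (not from the original post) of a code-behind that encodes the value at output time; the class name SamplePage and the controls txtComment, btnSave, lblPreview, litPreview and lblError are hypothetical.

```csharp
using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

// Code-behind for a page whose directive carries ValidateRequest="false".
// Assumed (hypothetical) controls declared in the .aspx markup:
//   TextBox txtComment, Button btnSave, Label lblPreview,
//   Literal litPreview, Label lblError.
public partial class SamplePage : Page
{
    // Assumed application limit, enforced server-side.
    private const int MaxCommentLength = 2000;

    protected void btnSave_Click(object sender, EventArgs e)
    {
        // With request validation off, this may contain <script> or any other markup.
        string raw = txtComment.Text ?? string.Empty;

        if (raw.Length > MaxCommentLength)
        {
            lblError.Text = "Comment is too long.";
            return;
        }

        // Unsafe once validation is off: Label.Text is written to the
        // response as-is, so posted markup would run in the browser.
        // lblPreview.Text = raw;

        // Safe: encode at the point of output, so the markup is displayed
        // as text instead of being interpreted.
        lblPreview.Text = HttpUtility.HtmlEncode(raw);

        // Alternative: let a Literal control do the encoding itself.
        litPreview.Mode = LiteralMode.Encode;
        litPreview.Text = raw;
    }
}
```

On ASP.NET 4, the page-level setting is honored only when web.config also sets <httpRuntime requestValidationMode="2.0" />.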


If you prefer to set this value for all the pages in your ASP.NET web application, open (or create) the web.config file and add the tag inside the system.web tag, as shown in the example below: