Potentially dangerous request

Question

1.00/5 (1 vote)

See more:

I created web page where user can fill his detail.After clicking on button,user is redirected to another page.Suppose user enter something in address which include '<' or '>'I am changing it with it's htmlencode character through javascript onclientclick event of button to avoid error 'potentially dangerous Request'. and onclick event of button again,replacing htmlencode character to '<' or '>'.When user use browser's back button.He will see html encode character not '<' or '>'.Why this is happening,I already changed to '<' ?.How to handle this?I am using content page?

Posted 3-Apr-16 21:00pm

Member 11589429

Updated 3-Apr-16 22:56pm

F-ES Sitecore

v2

Add a Solution

Comments

Sergey Alexandrovich Kryukov 4-Apr-16 3:42am

All right, you screwed up something pretty badly. It happens. And how you want anyone to address it. Without any code sample anything? You can try to prototype the situation, simplify everything as much as possible, focusing on one single problem. If on one of the simplification steps the problem disappears, you will have a good clue on where it was. If not, you can get better chances to sort out the problem by yourself. In you fail with that, you can show all your code and ask for help. This is what the section "What I have tried" really for, not for repeating the same text...
—SA

Wombaticus 4-Apr-16 4:41am

Rather than changing the user input using JavaScript (which is unsafe - what if they have JavaScript disabled?) - you'd do better to sanitise it in code after PostBack (and set ValiodateRequest="False" in the page directive to avoid the 'potentially dangerous Request' error).

F-ES Sitecore 4-Apr-16 4:45am

I'd probably post that as a solution, there isn't really much more to add. If you want people to be able to enter angled brackets then disable validation but be mindful of what the means. Although rather than converting the text in code-behind, it might be better to leave it as it is and encode it when you display it. That way people can still "edit" the data and it will appear exactly as they entered it.

Member 11589429 4-Apr-16 5:20am

If I tried to set ValiodateRequest="False" in page directive,it is not working.It work only for framework 2.0 not framework 4.5

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Wombaticus · Answer 1 · 2016-04-03T22:56:00

As F-ES Sitecore suggests:

Rather than changing the user input using JavaScript (which is unsafe - what if they have JavaScript disabled?) - you'd do better to sanitise it in code after PostBack (and set ValiodateRequest="False" in the page directive to avoid the 'potentially dangerous Request' error).

If you want people to be able to enter angled brackets then disable validation but be mindful of what this means. Although rather than converting the text in code-behind, it might be better to leave it as it is and encode it when you display it. That way people can still "edit" the data and it will appear exactly as they entered it.