A potentially dangerous Request.Form value was detected from the client

[Josh Sale]

In the application that I'm developing, I stuff the XML data from a
client-side ActiveX spread sheet control (an Office Web Component) into a
hidden text control so that I can process it in my ASP.Net code on the
server.

However, unless I disable request validation on the page, I get the
following error message when the form is posted:

A potentially dangerous Request.Form value was detected from the client


My question is, is there some other way of getting the xml from the client
to the server code that will bypass this error message? I'd rather not
disable request validation for obvious reasons.

TIA,

josh

 

[Ken Cox [Microsoft MVP]]

Is there a way that you can use HttpServerUtility.HtmlEncode and
HttpServerUtility.HtmlDecode to escape/unescape the troublesome characters?

 

[Josh Sale]

I don't know?

My impression was that those two methods were for use on the server and not
the client (which is where my xml is originating).

josh