Problem displaying text in a TextBox...

[The Eeediot]

Hello, Folks...

I'm almost becoming a regular to this newsgroup.

I am trying to display the contents of an MS-SQL Text field to a TextBox in ASPdotNET. The text in this field contains all sorts of characters including cheverons (i.e. ">" and "<") and occasionally I get the following error condition (listed below). Is there anything I can do to avoid it? I use the simple line txtArticle.Text = datareader("Article") in my code to populate it.

TIA.
Server Error in '/' Application.
--------------------------------------------------------------------------------

A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").]
System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +230
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +99
System.Web.HttpRequest.get_Form() +121
System.Web.UI.Page.GetCollectionBasedOnMethod() +70
System.Web.UI.Page.DeterminePostBackMode() +47
System.Web.UI.Page.ProcessRequestMain() +2106
System.Web.UI.Page.ProcessRequest() +218
System.Web.UI.Page.ProcessRequest(HttpContext context) +18
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute() +179
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87

 

[Martin Dechev]

Hi,

Well, I guess you should read the error description more carefully. It says:

Description: Request Validation has detected a potentially dangerous client
input value, and processing of the request has been aborted. This value may
indicate an attempt to compromise the security of your application, such as
a cross-site scripting attack. You can disable request validation by setting
validateRequest=false in the Page directive or in the configuration section.
However, it is strongly recommended that your application explicitly check
all inputs in this case.

And now once again only the workaround:

You can disable request validation by setting validateRequest=false in the
Page directive or in the configuration section

I advise you to disable it at page level. The so-called Page directive is
the first row of each page starting with <%@ Page

Greetings
Martin
Hello, Folks...

I'm almost becoming a regular to this newsgroup.

I am trying to display the contents of an MS-SQL Text field to a TextBox in
ASPdotNET. The text in this field contains all sorts of characters
including cheverons (i.e. ">" and "<") and occasionally I get the following
error condition (listed below). Is there anything I can do to avoid it? I
use the simple line txtArticle.Text = datareader("Article") in my code to
populate it.

TIA.
Server Error in '/' Application.
----------------------------------------------------------------------------
----

A potentially dangerous Request.Form value was detected from the client
(txtArticle="... then use <F8> to get boot men...").
Description: Request Validation has detected a potentially dangerous client
input value, and processing of the request has been aborted. This value may
indicate an attempt to compromise the security of your application, such as
a cross-site scripting attack. You can disable request validation by setting
validateRequest=false in the Page directive or in the configuration section.
However, it is strongly recommended that your application explicitly check
all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially
dangerous Request.Form value was detected from the client (txtArticle="...
then use <F8> to get boot men...").

Source Error:

An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of the
exception can be identified using the exception stack trace below.

Stack Trace:

[HttpRequestValidationException (0x80004005): A potentially dangerous
Request.Form value was detected from the client (txtArticle="... then use
<F8> to get boot men...").]
System.Web.HttpRequest.ValidateString(String s, String valueName, String
collectionName) +230
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection
nvc, String collectionName) +99
System.Web.HttpRequest.get_Form() +121
System.Web.UI.Page.GetCollectionBasedOnMethod() +70
System.Web.UI.Page.DeterminePostBackMode() +47
System.Web.UI.Page.ProcessRequestMain() +2106
System.Web.UI.Page.ProcessRequest() +218
System.Web.UI.Page.ProcessRequest(HttpContext context) +18

System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionSte
p.Execute() +179
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +87

 

[Hermit Dave]

@Page directive has an attribute called ValidateRequest. For the values to
contain explict < > tags you will have to set it to false.
For more information refer
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/cpconPage.asp

Read this before you apply it
http://msdn.microsoft.com/library/d...tingagainstscriptexploitsinwebapplication.asp

--

Regards,

Hermit Dave
(http://hdave.blogspot.com)
Hello, Folks...

I'm almost becoming a regular to this newsgroup.

I am trying to display the contents of an MS-SQL Text field to a TextBox in
ASPdotNET. The text in this field contains all sorts of characters
including cheverons (i.e. ">" and "<") and occasionally I get the following
error condition (listed below). Is there anything I can do to avoid it? I
use the simple line txtArticle.Text = datareader("Article") in my code to
populate it.

TIA.
Server Error in '/' Application.


A potentially dangerous Request.Form value was detected from the client
(txtArticle="... then use <F8> to get boot men...").
Description: Request Validation has detected a potentially dangerous client
input value, and processing of the request has been aborted. This value may
indicate an attempt to compromise the security of your application, such as
a cross-site scripting attack. You can disable request validation by setting
validateRequest=false in the Page directive or in the configuration section.
However, it is strongly recommended that your application explicitly check
all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially
dangerous Request.Form value was detected from the client (txtArticle="...
then use <F8> to get boot men...").

Source Error:

An unhandled exception was generated during the execution of the current web
request. Information regarding the origin and location of the exception can
be identified using the exception stack trace below.

Stack Trace:

[HttpRequestValidationException (0x80004005): A potentially dangerous
Request.Form value was detected from the client (txtArticle="... then use
<F8> to get boot men...").]
System.Web.HttpRequest.ValidateString(String s, String valueName, String
collectionName) +230
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection
nvc, String collectionName) +99
System.Web.HttpRequest.get_Form() +121
System.Web.UI.Page.GetCollectionBasedOnMethod() +70
System.Web.UI.Page.DeterminePostBackMode() +47
System.Web.UI.Page.ProcessRequestMain() +2106
System.Web.UI.Page.ProcessRequest() +218
System.Web.UI.Page.ProcessRequest(HttpContext context) +18
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
+179
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +87





Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET
Version:1.1.4322.573

 

[Guest]

Hi,

Try using HttpUtility.HtmlEncode() . To get more info check this out;


http://msdn.microsoft.com/library/d...SystemWebHttpUtilityClassHtmlEncodeTopic2.asp

Hope this helps,

Ethem

Hello, Folks...

I'm almost becoming a regular to this newsgroup.

I am trying to display the contents of an MS-SQL Text field to a TextBox in ASPdotNET. The text in this field contains all sorts of characters including cheverons (i.e. ">" and "<") and occasionally I get the following error condition (listed below). Is there anything I can do to avoid it? I use the simple line txtArticle.Text = datareader("Article") in my code to populate it.

TIA.
Server Error in '/' Application.
--------------------------------------------------------------------------------

A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").]
System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +230
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +99
System.Web.HttpRequest.get_Form() +121
System.Web.UI.Page.GetCollectionBasedOnMethod() +70
System.Web.UI.Page.DeterminePostBackMode() +47
System.Web.UI.Page.ProcessRequestMain() +2106
System.Web.UI.Page.ProcessRequest() +218
System.Web.UI.Page.ProcessRequest(HttpContext context) +18
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute() +179
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87

 

[Karl Seguin]

You have to disable the validateRequest via either the:
Page directive:
<%@ Page ... validateRequest="false" %>

or the web.config:
<system.web>
<pages validateRequest="false" />
</system.web>


karl

--
MY ASP.Net tutorials
http://www.openmymind.net/


Hello, Folks...

I'm almost becoming a regular to this newsgroup.

I am trying to display the contents of an MS-SQL Text field to a TextBox in ASPdotNET. The text in this field contains all sorts of characters including cheverons (i.e. ">" and "<") and occasionally I get the following error condition (listed below). Is there anything I can do to avoid it? I use the simple line txtArticle.Text = datareader("Article") in my code to populate it.

TIA.
Server Error in '/' Application.
------------------------------------------------------------------------------

A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (txtArticle="... then use <F8> to get boot men...").]
System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +230
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +99
System.Web.HttpRequest.get_Form() +121
System.Web.UI.Page.GetCollectionBasedOnMethod() +70
System.Web.UI.Page.DeterminePostBackMode() +47
System.Web.UI.Page.ProcessRequestMain() +2106
System.Web.UI.Page.ProcessRequest() +218
System.Web.UI.Page.ProcessRequest(HttpContext context) +18
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute() +179
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87

 

[Joel Cade, MCSD]

Use Server.HTMLEncode before displaying the information. This will
encode the string so that it will display properly in HTML.

A note on the error: The validation request exception is raised to
prevent cross-site scripting from being exploited. ASP.Net checks for
possible script tags and other information being submitted to the
browser via input. This can be disabled in cases where you want to
submit script values (such as a WYSIWYG editor) by setting the
ValidateRequest page directive to false, <@% Page
validateRequest="false" %>, but this is not recommended.

Joel Cade, MCSD .Net, MCAD, MCP
Fig Tree Solutions, LLC
http://www.figtreesolutions.com

 

[The Eeediot]

Hehehe.

I did choose the name aptly.

Hi,

Well, I guess you should read the error description more carefully. It says:

Description: Request Validation has detected a potentially dangerous client
input value, and processing of the request has been aborted. This value may
indicate an attempt to compromise the security of your application, such as
a cross-site scripting attack. You can disable request validation by setting
validateRequest=false in the Page directive or in the configuration section.
However, it is strongly recommended that your application explicitly check
all inputs in this case.

And now once again only the workaround:

You can disable request validation by setting validateRequest=false in the
Page directive or in the configuration section

I advise you to disable it at page level. The so-called Page directive is
the first row of each page starting with <%@ Page

Greetings
Martin
Hello, Folks...

I'm almost becoming a regular to this newsgroup.

I am trying to display the contents of an MS-SQL Text field to a TextBox in
ASPdotNET. The text in this field contains all sorts of characters
including cheverons (i.e. ">" and "<") and occasionally I get the following
error condition (listed below). Is there anything I can do to avoid it? I
use the simple line txtArticle.Text = datareader("Article") in my code to
populate it.

TIA.
Server Error in '/' Application.
-------------------------------------------------------------------------- --
----

A potentially dangerous Request.Form value was detected from the client
(txtArticle="... then use <F8> to get boot men...").
Description: Request Validation has detected a potentially dangerous client
input value, and processing of the request has been aborted. This value may
indicate an attempt to compromise the security of your application, such as
a cross-site scripting attack. You can disable request validation by setting
validateRequest=false in the Page directive or in the configuration section.
However, it is strongly recommended that your application explicitly check
all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially
dangerous Request.Form value was detected from the client (txtArticle="...
then use <F8> to get boot men...").

Source Error:

An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of the
exception can be identified using the exception stack trace below.

Stack Trace:

[HttpRequestValidationException (0x80004005): A potentially dangerous
Request.Form value was detected from the client (txtArticle="... then use
<F8> to get boot men...").]
System.Web.HttpRequest.ValidateString(String s, String valueName, String
collectionName) +230
System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection
nvc, String collectionName) +99
System.Web.HttpRequest.get_Form() +121
System.Web.UI.Page.GetCollectionBasedOnMethod() +70
System.Web.UI.Page.DeterminePostBackMode() +47
System.Web.UI.Page.ProcessRequestMain() +2106
System.Web.UI.Page.ProcessRequest() +218
System.Web.UI.Page.ProcessRequest(HttpContext context) +18

System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionSte
p.Execute() +179
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +87



-------------------------------------------------------------------------- --