Trapping a ' potentially dangerous Request.QueryString value'

J

John Morgan

I am attempting to use a try/catch block to trap a querystring which
is caught by ValidateRequest="true" in the @page directive

A simple example of the blockthat does not work is

Try
routeID = Request.QueryString("routeID")
Catch
response.Write("a dangerous query string has been entered")
End Try

when I enter an invalid query string I get an error message in
the browser window as follows:

"A potentially dangerous Request.QueryString value was detected from
the client (routeID="<script>alert('boo')..."). "

However nothing is caught by the Try /Catch block and the page does
not get rendered at all ( buffer currently set to false)

My ultimate objectiveI is to trap this error so that I can redirect to
another page.

Any help on how I can trap this invalid querystring would be
appreciated,

Best wishes,
John Morgan
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,982
Messages
2,570,189
Members
46,735
Latest member
HikmatRamazanov

Latest Threads

Top