A potentially dangerous Request.Form

Vote:
 
I went in Edit mode and tried creating a new page when I got this error. Has anyone else had this problem? I see on the web that it's an .net 2.0 thingy - but can't really find out which files I need to edit, to fix this problem. --------------------- A potentially dangerous Request.Form value was detected from the client (PC_43_1$EditForm$Abstract$Abstract="

sdfsd

"). Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (PC_43_1$EditForm$Abstract$Abstract="

sdfsd

"). Source Error: The source code that generated this unhandled exception can only be shown when compiled in debug mode. To enable this, please follow one of the below steps, then request the URL: 1. Add a "Debug=true" directive at the top of the file that generated the error. Example: <%@ page language="C#" debug="true" %> or: 2) Add the following section to the configuration file of your application: Note that this second technique will cause all files within a given application to be compiled in debug mode. The first technique will cause only that particular file to be compiled in debug mode. Important: Running applications in debug mode does incur a memory/performance overhead. You should make sure that an application has debugging disabled before deploying into production scenario. Stack Trace: [HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (PC_43_1$EditForm$Abstract$Abstract="

sdfsd

").] System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +3219550 System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +108 System.Web.HttpRequest.get_Form() +119 System.Web.HttpRequest.get_HasForm() +57 System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +2025201 System.Web.UI.Page.DeterminePostBackMode() +60 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6953 System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +154 System.Web.UI.Page.ProcessRequest() +86 System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18 System.Web.UI.Page.ProcessRequest(HttpContext context) +49 ASP.edit_editpanel_aspx.ProcessRequest(HttpContext context) +4 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +154 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64 -------------------------------------------------------------------------------- Version Information: Microsoft .NET Framework Version:2.0.50727.42; ASP.NET Version:2.0.50727.210
#12954
Mar 05, 2007 16:55
Vote:
 
I Googled "A potentially dangerous Request.Form value was detected", and the first result I got was: http://www.cryer.co.uk/brian/mswinswdev/ms_vbnet_server_error_potentially_dangerous.htm - which basically tells you to put validateRequest="false" in the web.config file or your templates. Which is the same as the prerequisiste section on http://www.episerver.com/en/EPiServer_Knowledge_Center/Download2/EPiServer-Downloads/EPiServer_461/ says. It is also documented in the release notes for EPiServer 4.61 and the installation instructions for the same version. :-) /Steve
#15147
Mar 06, 2007 8:04
Vote:
 
Yes, it was due impropper upgrade to .Net 2.0. Thanks.
#15148
Mar 12, 2007 15:54
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.