A dangerous Request.Form when value entered into a textbox - asp.net

I have a simple aspx page through which I am entering text into a textbox. The text is coming through a text editor, so the text has HTML tags,
such as <p>My name</p>
The error which I am getting is like:
Server Error '/' Application
A potentially dangerous Request.Form value was detected from the client (ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$TxtTopicName="<p>kdarftghjh</p>").
What type of error is this, and how could I resolve such an error? Thanks for any assistance.

If you're using webforms you can add the following to your page-declaration:
validateRequest="false"

You have HTML tags in this input (<, >). Just remove them or encode them. Or, if you really need to do it like this, try adding the following to web.config:
<configuration>
<system.web>
<httpRuntime requestValidationMode="2.0" />
<pages validateRequest="false" />
</system.web>
</configuration>
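
The "remove it or encode it" advice from the answer above, as an added example that is not code from the thread: once request validation is off for a page, the posted value is HTML-encoded first and only a short allow-list of attribute-free tags is restored. The class name, the tag list and the sample inputs are assumptions constructed for illustration.

```csharp
using System;
using System.Net;
using System.Text;

// Added example. RichTextEncoder and AllowedTags are hypothetical names.
public static class RichTextEncoder
{
    // Attribute-free, lower-case tags the page is willing to render.
    private static readonly string[] AllowedTags = { "p", "b", "i", "em", "strong" };

    // Encode the whole value, then restore only exact allow-listed tags.
    // Anything else (attributes, <script>, upper-case variants) stays encoded.
    public static string EncodeAllowingBasicTags(string editorHtml)
    {
        if (string.IsNullOrEmpty(editorHtml)) return string.Empty;

        var sb = new StringBuilder(WebUtility.HtmlEncode(editorHtml));
        foreach (string tag in AllowedTags)
        {
            sb.Replace("&lt;" + tag + "&gt;", "<" + tag + ">");
            sb.Replace("&lt;/" + tag + "&gt;", "</" + tag + ">");
        }
        return sb.ToString();
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample inputs: plain editor markup, a tag carrying an
        // event-handler attribute, and a script element next to an allowed tag.
        string[] samples =
        {
            "<p>kdarftghjh</p>",
            "<p onclick=\"x()\">hi</p>",
            "<script>alert(1)</script><b>bold</b>"
        };

        foreach (string s in samples)
            Console.WriteLine(RichTextEncoder.EncodeAllowingBasicTags(s));
    }
}
```

In the Web Forms page, the returned string is what would be stored or written to the output control in place of the raw TxtTopicName.Text.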

Related

Allow < and > to be entered into text fields to submit in asp.net?

For some weird reason, when I enter such characters in text fields and press the submit button, I get a blank page loaded and I don't see any errors appear.
Include requestValidationMode in your web.config file.
<system.web>
...
<httpRuntime requestValidationMode="2.0" />
</system.web>
Also you can set ValidateRequest to false in your page directive.
<%@ Page ... ValidateRequest="false" %>

Web.config file settings for long querystring

I have a large form that gets executed and spits out a query string that is very long. Sometimes it's only 50 characters and sometimes it's reaching 50k characters. The problem is, I notice once the query string hits about 7500 characters, I get
"The connection was reset. The connection to the server was reset while the page was loading."
I get this in Explorer, Firefox and Chrome. I have adjusted my web.config file to allow for many characters and sizes, but I am still getting this error after 7500 characters. (That is not an exact number, it's a guesstimate.)
I'm not sure if I am missing something or not.
Here is my web.config file:
<configuration>
<system.webServer>
<httpErrors errorMode="Detailed" />
<asp scriptErrorSentToBrowser="true"/>
</system.webServer>
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxQueryString="90000" maxUrl="90000"/>
</requestFiltering>
</security>
</system.webServer>
<system.web>
<httpRuntime
maxQueryStringLength="90000"
maxUrlLength="90000"
relaxedUrlToFileSystemMapping="true"
executionTimeout = "90000"
requestLengthDiskThreshold = "90000"
shutdownTimeout = "00:06:00"
appRequestQueueLimit="90000"
maxRequestLength="90000"
enable = "True" />
</system.web>
<system.web>
<customErrors mode="Off"/>
<compilation debug="true"/>
</system.web>
</configuration>
The form:
<% validateForm "addscheduleform4.asp" %>
<form method="post" name="addUs">
<% validateError %>
<ALOT OF INPUTS>
<input type="submit" name="save" value="Submit" style="height:50px; width:200px">
</form>
After pressing submit, url as requested:
OK, so basically this was in general a completely wrong way of setting up the form, causing it to create a query string with characters in the thousands.
<form method="post" name="addUs" action="addscheduleform4.asp">
<ALOT OF INPUTS>
<input type="submit" name="Submit" value="Submit" style="height:50px; width:200px">
</form>
That is the correct way to set up that form to properly POST. If the post is not fully filled out properly, the form defaults to "GET".
The page it goes to was reading inputs as:
pp73 = getUserInput(request.querystring("30"&pidlocation&"73"),100)
when it should be
pp73 = getUserInput(request.form("30"&pidlocation&"73"),100)
So because of the improper form setup, request.form was not working, causing me to change it to request.querystring. But now, with a complete POST form method, it is switched back to request.form and passes data without query strings, solving the long query issue.

Page enableEventValidation="true" error

I'm creating a client insert form. This form has an <asp:HiddenField/> named Id to save the selected client id, but when I try to submit the form, I get the Page enableEventValidation="true" error. When I rename this HiddenField to any other ID, it works.
<asp:HiddenField runat="server" ID="Id" />
My form can submit successfully when I set enableEventValidation="false", but maybe I will need it in the future.
How can I resolve this problem and keep the HiddenField named Id?
You've pretty much answered your own question. The only way to make this work is to set enableEventValidation="false" or rename your HiddenField.
Renaming it would be the best solution here, for security reasons.
If you're using framework 4.0 then entry in web.config ()
<configuration>
<system.web>
<pages validateRequest="false" />
</system.web>
</configuration>
If you're using framework 4.5 then entry in web.config (requestValidationMode="2.0")
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" requestValidationMode="2.0"/>
</system.web>
This might not be the solution for your problem, but I was having the same problem and solved it by checking for postback before binding data.
if (!IsPostBack)
{
binddata(); //this was my gridview binding function
}
This error also occurs when there is another form on the page that does not contain runat = server. Please check if there is another form on the master page or the current page.

How to get Correct QueryString Value from URL having UNICODE value in asp.net?

I have a field with nvarchar datatype to store a UNICODE value. This field is bound to a Repeater control, from which I am redirecting to another page on clicking the link. When this field contains a numeric value, I get the correct QueryString and it displays the redirected page. But when it contains some Unicode character (other than a number or English character), it shows the value '?????' in the QueryString of 'fhn'. How do I get this UNICODE QueryString value as it is and display the result?
In Repeater ItemTemplate:
<b>घर क्र./House No.</b><%# Eval("HouseNumber")%>
या पत्यावरील
In .cs file:
string HouseNumber = Request.QueryString["fhn"].ToString().Trim();
// Here I get the '????' value if it contains a Unicode value.
Help appreciated!
Try changing it to something more like this:
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
<globalization fileEncoding="iso-8859-1" requestEncoding="iso-8859-1" responseEncoding="iso-8859-1"/>
</system.web>
</configuration>
You'll have to be more precise. You could set request and response encoding in your web.config file:
<system.web>
<globalization requestEncoding="iso-8859-1" responseEncoding="iso-8859-1" />
</system.web>

Could not find schema information for the element 'httpruntime'

I'm trying to increase the execution timeout and file upload limit on my asp.net website, but when I try to add
<httpRuntime
executionTimeout="110"
maxRequestLength="4096">
</httpRuntime>
I get the following errors:
Could not find schema information for the element 'httpruntime'.
Could not find schema information for the element 'executionTimeout'.
Could not find schema information for the element 'maxRequestLength'.
According to this MSDN library link, this is how I'm supposed to do it, so what am I missing here?
Have you tried:
<location path="YourUploadPage.aspx">
<system.web>
<httpRuntime maxRequestLength="{your value here}"
executionTimeout="{your value here}" />
</system.web>
</location>
This means the <httpRuntime> section should be inside the <system.web> or <location><system.web> sections.
