In this post I will explain how to solve the problem “A potentially dangerous Request.Form value was detected from the client in ASP.NET WebForms” using asp.net.
In previous post I explained clearly about Rich textbox sample in asp.net . After completion code if I try to insert some html formatted data in database using rich textbox I got error like “A potentially dangerous Request.Form value was detected from the client in ASP.NET WebForms”
Sample data I used to insert in database
<form id="form1" runat="server">
After enter the above formatted html data in Rich Textbox and I tried to insert data then I got error message like
Server Error in ‘/RichTextboxSample’ Application.
A potentially dangerous Request.Form value was detected from the client (remarks =”<html></html>”)
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.
Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (remarks="<html></html>5678,<c…").
This error occurs during insertion of html format data into database to eliminate this error we need to set ValidateRequest="false" in @Page line of web page or web.config file to solve security problems.
To solve this problem we need to add the ValidateRequest="false" in @Page line of web page like this
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" ValidateRequest="false" %>
In this way we need to set ValidateRequest="false" in required pages otherwise we can set it globally to work for all the pages without having this error we need to add ValidateRequest="false" in web.config file under system.web section like this
<httpRuntime requestValidationMode="2.0" />
After set this property in webpage or web.config my problem has sovled and my code works perfectly. I hope it helps to solve your problem.