A potentially dangerous Request.Form value was detected from the client

J

Josh Sale

In the application that I'm developing, I stuff the XMLData from a
client-side spread sheet into a hidden text control so that I can process it
in my ASP.Net code on the server.

However, unless I disable request validation on the page, I get the
following error message:

A potentially dangerous Request.Form value was detected from the client


My question is, is there some other way of getting the xml from the client
to the server code that will bypass this error message? I'd rather not
disable request validation for obvious reasons.

TIA,

josh

p.s. Sorry for the previous post. The message got sent before it was
complete.
 
J

Josh Sale

I've turned off request validation on this web page for the moment ... but
that's not my preferred solution.

It seems a "natural" part of many OWC application life cycles is to get a
speadsheet's worth of data from the client back to the server. There is a
site on the web (yours?) that suggests stuffing the spreadsheet contents
back into a hidden field and posting it back. As the web page author points
out, the lack of native persistence is annoying but not too difficult to
work around.

However, it seems like you should be able to work around it without turning
off an important security feature of ASP.Net.

So I guess this is an open issue for me.

Thank you for asking!

josh


Alvin Bruney said:
did you resolve this issue?

--
Regards,
Alvin Bruney [ASP.NET MVP]
Got tidbits? Get it here...
http://tinyurl.com/3he3b
Josh Sale said:
In the application that I'm developing, I stuff the XMLData from a
client-side spread sheet into a hidden text control so that I can
process
it
in my ASP.Net code on the server.

However, unless I disable request validation on the page, I get the
following error message:

A potentially dangerous Request.Form value was detected from the client


My question is, is there some other way of getting the xml from the client
to the server code that will bypass this error message? I'd rather not
disable request validation for obvious reasons.

TIA,

josh

p.s. Sorry for the previous post. The message got sent before it was
complete.
 
A

Alvin Bruney [MVP]

In your case, why don't you just replace the offending material with a
pattern character to get around the validation issue. So you could do
something like
string str = spreadsheet1.CSVDATA
str = str.replace ('funky character', 'special format characters');

on the server remember to clean up
str = str.replace ('special format characters','funky character');

I think it yells about "<" braces and some other stuff. The specifics of
what it yells about are kept hard coded in a file.

--
Regards,
Alvin Bruney [ASP.NET MVP]
Got tidbits? Get it here...
http://tinyurl.com/3he3b
Josh Sale said:
I've turned off request validation on this web page for the moment ... but
that's not my preferred solution.

It seems a "natural" part of many OWC application life cycles is to get a
speadsheet's worth of data from the client back to the server. There is a
site on the web (yours?) that suggests stuffing the spreadsheet contents
back into a hidden field and posting it back. As the web page author points
out, the lack of native persistence is annoying but not too difficult to
work around.

However, it seems like you should be able to work around it without turning
off an important security feature of ASP.Net.

So I guess this is an open issue for me.

Thank you for asking!

josh


Alvin Bruney said:
did you resolve this issue?

--
Regards,
Alvin Bruney [ASP.NET MVP]
Got tidbits? Get it here...
http://tinyurl.com/3he3b
Josh Sale said:
In the application that I'm developing, I stuff the XMLData from a
client-side spread sheet into a hidden text control so that I can
process
it
in my ASP.Net code on the server.

However, unless I disable request validation on the page, I get the
following error message:

A potentially dangerous Request.Form value was detected from the client


My question is, is there some other way of getting the xml from the client
to the server code that will bypass this error message? I'd rather not
disable request validation for obvious reasons.

TIA,

josh

p.s. Sorry for the previous post. The message got sent before it was
complete.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top