A potentially dangerous Request.Form value was detected from the client

Old forum URL: forums.lhotka.net/forums/t/1414.aspx


yh_ink posted on Friday, October 06, 2006

My web form comes up with this error:

A potentially dangerous Request.Form value was detected from the client (_ctl0:ContentData:txtpagetext="<p>Many thanks to ou...").

What I do is let users enter HTML tags. I set validateRequest to false in the page directive. It works fine when I submit data. Now, in the same form, I load the data into a text box based on a selection. When I try to modify it and then save it back, it comes up with this problem.

Please help.

AdrenalineWerks replied on Friday, October 06, 2006

ASP.NET validates the post back fields to help prevent scripting attacks. Here's an article that does a good job of explaining what you're running into:
http://www.asp.net/faq/RequestValidation.aspx

justncase80 replied on Monday, October 09, 2006

What a lot of sites do to allow users to do this is have a limited set of custom tags that a user can use to mark up their data; you probably do not want to be displaying the raw HTML given by a user. So, for example, if you want to allow them to use a link, instead of letting them type in <a href="...">Test</a>, try making them enter [link href="..."]Test[/link] or [bold]Some bold text[/bold], etc.

yh_ink replied on Monday, October 09, 2006

I tried this out, but the tags [] show up when displayed. Links are not treated as links with [].

The problem I am facing is that the data is stored with HTML tags. I don't have a problem with storing data. I set validateRequest to false. After storing, it comes out with the potentially dangerous request message.

Any suggestions...

david.wendelken replied on Tuesday, October 10, 2006

You store in the database what the user types in [bold], etc.

To display it, you do a search and replace for the appropriate html tag, then display the altered copy of the user's input.
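
The store-then-replace approach from the replies above, as an added example that is not code from the thread or from any poster. It goes one step beyond the reply by HTML-encoding the stored text before replacing the tags and by accepting only http/https link targets; `MarkupRenderer`, `Render` and `RenderLink` are hypothetical names.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

// Hypothetical helper (names are assumptions, not from the thread).
public static class MarkupRenderer
{
    // Patterns run on already HTML-encoded text, so a typed " appears as &quot;.
    static readonly Regex Bold = new Regex(@"\[bold\](?<text>.*?)\[/bold\]",
        RegexOptions.IgnoreCase | RegexOptions.Singleline);
    static readonly Regex Link = new Regex(
        @"\[link href=&quot;(?<url>[^\]]*?)&quot;\](?<text>.*?)\[/link\]",
        RegexOptions.IgnoreCase | RegexOptions.Singleline);

    public static string Render(string stored)
    {
        // 1. Encode everything: raw HTML typed by the user becomes inert text.
        string html = WebUtility.HtmlEncode(stored ?? string.Empty);
        // 2. Turn only the allowed custom tags into real HTML.
        html = Bold.Replace(html, "<b>${text}</b>");
        return Link.Replace(html, RenderLink);
    }

    static string RenderLink(Match m)
    {
        string url = WebUtility.HtmlDecode(m.Groups["url"].Value);
        Uri uri;
        bool allowed = Uri.TryCreate(url, UriKind.Absolute, out uri)
            && (uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps);
        if (!allowed) return m.Value; // e.g. javascript: stays as literal text
        return "<a href=\"" + WebUtility.HtmlEncode(uri.AbsoluteUri) + "\">"
            + m.Groups["text"].Value + "</a>";
    }

    public static void Main()
    {
        // Constructed sample inputs, as they would be stored in the database.
        string[] samples = {
            "[bold]Many thanks[/bold] <script>alert(1)</script>",
            "[link href=\"https://example.com/a?b=1&c=2\"]Test[/link]",
            "[link href=\"javascript:alert(1)\"]Test[/link]"
        };
        foreach (string s in samples) Console.WriteLine(Render(s));
    }
}
```

As long as users type only bracket tags, the form posts no angle brackets, so request validation does not need to be switched off for the page.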

yh_ink replied on Wednesday, October 11, 2006

Thanks!!!!!

Copyright (c) Marimer LLC