ASP.NET Webforms - "A potentially dangerous Request.Form value was detected from the client"

5
votes

I'm getting the following error when I submit html in a textarea "A potentially dangerous Request.Form value was detected from the client." How do I disable this type of security validation to just one field and not the entire page/website. What I do NOT want to do is set validateRequest to false for an entire page/website.

EDIT: I need a solution for .NET Framework 3.5

1
asp.netwebforms.net-3.5
Have you thought of just encoding/decoding that value?Brad M
Yes but what's the best way of implementing this solution? Should I just overwrite the value of the control with its HTML encoded value and then decode it on PageLoad? I'm using Telerik's RadEditor (WYSIWYG) control and I'm not sure if I will inadvertently break something by fiddling with its values.burnt1ce
No idea, but if you're using telerik, there should be some magical setting that allows it. I would suggest contacting telerik or searching their documentation for a solution.Brad M

1 Answers

4
votes

In .NET 4.5 you can use the ValidateRequestMode property to exclude fields from Request Validation.

However in .NET 4 and Lower this cannot be done, and you must either validate the entire request or not.