Problem:
You have a text box in the page with the potential to insert text with HTML tags. When I inserted some text with tags and clicked a submit button to invoke the post back I got the script error.
Sys.WebForms.PageRequestManagerServerErrorException: An unknown error occurred while processing the request on the server. The status code returned from the server was: 500
In my scenario, I was using ASP.NET 4.0 with Telerik RadAjaxPanel. The first suggestion I found when googling was to turn request validation off. But it did not fix my problem. So to find out the issue, I removed the RadAjaxPanel from the code. That is when I got the next error.
A potentially dangerous Request.Form value was detected from the client
When I googled this issue I found that apart from setting the request validation, if we are using ASP.NET 4.0 we further need to set the httpRuntime attribute requestValidationMode to 2.0.
Reason:
ASP.NET automatically validates incoming HTTP requests to prevent script-injection attacks. It prevents the server from accepting and storing content with un-encoded HTML. However, the developer has the ability to turn this feature off. When request validation is turned off, it is strongly recommended that input data is validated and HTML encode when necessary.
Solution:
To turn off request validation for a page, set ValidateRequest page attribute to false.
ValidateRequest="false"
To turn off request validation for the whole application, set the pages elements validateRequest attribute in the web.config to false.
If you are using ASP.NET 4.0, then set the httpRuntime attribute requestValidationMode to 2.0.
References:
A potentially dangerous Request.Form value was detected from the client
http://www.cryer.co.uk/brian/mswinswdev/ms_vbnet_server_error_potentially_dangerous.htm
ASP.NET Request Validation
http://www.asp.net/whitepapers/request-validation
You have a text box in the page with the potential to insert text with HTML tags. When I inserted some text with tags and clicked a submit button to invoke the post back I got the script error.
Sys.WebForms.PageRequestManagerServerErrorException: An unknown error occurred while processing the request on the server. The status code returned from the server was: 500
In my scenario, I was using ASP.NET 4.0 with Telerik RadAjaxPanel. The first suggestion I found when googling was to turn request validation off. But it did not fix my problem. So to find out the issue, I removed the RadAjaxPanel from the code. That is when I got the next error.
A potentially dangerous Request.Form value was detected from the client
When I googled this issue I found that apart from setting the request validation, if we are using ASP.NET 4.0 we further need to set the httpRuntime attribute requestValidationMode to 2.0.
Reason:
ASP.NET automatically validates incoming HTTP requests to prevent script-injection attacks. It prevents the server from accepting and storing content with un-encoded HTML. However, the developer has the ability to turn this feature off. When request validation is turned off, it is strongly recommended that input data is validated and HTML encode when necessary.
Solution:
To turn off request validation for a page, set ValidateRequest page attribute to false.
ValidateRequest="false"
To turn off request validation for the whole application, set the pages elements validateRequest attribute in the web.config to false.
If you are using ASP.NET 4.0, then set the httpRuntime attribute requestValidationMode to 2.0.
References:
A potentially dangerous Request.Form value was detected from the client
http://www.cryer.co.uk/brian/mswinswdev/ms_vbnet_server_error_potentially_dangerous.htm
http://www.asp.net/whitepapers/request-validation