Solve the 'potentially dangerous Request.Form value detected from the client' error in asp.net

When submitting the form, asp.net prompts: "A potentially dangerous Request.Form value was detected from the client (...)". The request validation feature in asp.net provides a certain level of protection against XSS attacks. The request validation in asp.net is enabled by default. This gives solutions for various versions of .net.

　 Usual solution for asp.net 2.0

Solution 1:

Add ValidateRequest="false" to the page item in the .aspx file, as follows:

　<%@ Page ValidateRequest="false" Language="C#" AutoEventWireup="true" CodeFile="test2.aspx.cs" Inherits="test2" %>

Option 2:

Modify the web.config configuration file

　<system.web> 
    　　<pages validateRequest="false" >   
    　　</pages>   
　　</system.web>

Summary: validateRequest This sentence we know is to turn off verification, and This means that ASP.NET will not report an error when submitting values ​​with tags such as bold. It is recommended to use option one here, because the option only modifies the test.aspx page; and if you use option two, the entire solution will become ValidateRequest="false".

　Asp.net 4.0 solution

　The method for 4.0 and 2.0 is the same, but it should be noted that starting from .Net Framework 4.0, asp.net begins to forcefully detect Request parameter security, and we can restore 2.0 by modifying Web.config version of the model.

　The method is as follows:

　Modify Web.config and add the requestValidationMode="2.0" attribute value

　<system.web>
    　　<httpRuntime requestValidationMode="2.0" />
    　　<pages validateRequest="false"></pages>
　　</system.web>

　There is an additional requestValidationMode in 4.0. What does this mean?

　 requestValidationMode has two values:

2.0 only enables request validation for web pages. Whether enabled or disabled depends on validateRequest.

4.0 Default. Any HTTP request will enable request verification, which means not only web pages, but also cookies, etc. Enabled now, regardless of validateRequest value.

Since requestValidationMode="4.0" is forcibly enabled, we will find that request validation cannot be turned off in .NET Framework 4.0 just by setting validateRequest. We must also set requestValidationMode to 2.0.