Potentially Dangerous Request.Form? Error

Please support our ASP.NET advertiser: Intel Parallel Studio Home
Reply

Join Date: Jun 2005
Posts: 28
Reputation: jerMAn is an unknown quantity at this point 
Solved Threads: 0
jerMAn jerMAn is offline Offline
Light Poster

Potentially Dangerous Request.Form? Error

 
0
  #1
Jun 27th, 2005
When I run my crawler once it works on any page. Run it again on another page or the same page and I get this error
  1. Server Error in '/WebApplication5' Application.
  2. --------------------------------------------------------------------------------
  3.  
  4. A potentially dangerous Request.Form value was detected from the client (txtBody="...e customer’s experience,...").
  5. Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.
  6.  
  7. Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (txtBody="...e customer’s experience,...").
  8.  
  9. Source Error:
  10.  
  11. An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
  12.  
  13. Stack Trace:
  14.  
  15.  
  16. [HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (txtBody="...e customer’s experience,...").]
  17. System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName)
  18. System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName)
  19. System.Web.HttpRequest.get_Form() +113
  20. System.Web.UI.Page.GetCollectionBasedOnMethod()
  21. System.Web.UI.Page.DeterminePostBackMode()
  22. System.Web.UI.Page.ProcessRequestMain()
  23. System.Web.UI.Page.ProcessRequest()
  24. System.Web.UI.Page.ProcessRequest(HttpContext context)
  25. System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
  26. System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
  27.  
  28.  
  29.  
  30.  
  31. --------------------------------------------------------------------------------
  32. Version Information: Microsoft .NET Framework Version:1.1.4322.2032; ASP.NET Version:1.1.4322.2032

At this point it's simply reading a string. html/text that has already been imported.

I know because the error always occurs in the same spot. After the AspTear Component has been closed.

I do have some Google Ads on my page that might cause this error, I'm guessing.

Here is the Sub where the error is occuring if it's helpful:
  1. Private Sub Extract_Body()
  2. Dim strBody
  3. Dim lenBody
  4. Dim chkBody
  5. Dim arrBody
  6. Dim lenStr
  7. Dim i
  8. On Error Resume Next
  9.  
  10. strBody = Left(strRetval, InStr(strRetval, LCase("</body")) - 1)
  11. chkBody = InStr(strBody, LCase("<body"))
  12. lenBody = Len(strBody)
  13. strBody = Right(strBody, lenBody - chkBody + 1)
  14.  
  15. arrBody = Split(strBody, ">")
  16. lenBody = UBound(arrBody)
  17. For i = 0 To lenBody
  18. strBody = Left(arrBody(i), InStr(arrBody(i), "<"))
  19. strBody = Replace(strBody, "<", "")
  20. txtBody.Text = txtBody.Text & strBody & vbCrLf
  21. Next i
  22.  
  23.  
  24. End Sub

Maybe I will try discarding the Google Script
( Probably a good idea anyway )
Reply With Quote Quick reply to this message  
Join Date: Jun 2005
Posts: 28
Reputation: jerMAn is an unknown quantity at this point 
Solved Threads: 0
jerMAn jerMAn is offline Offline
Light Poster

Re: Potentially Dangerous Request.Form? Error

 
0
  #2
Jun 27th, 2005
Well I studied the error and found a WorkAround.
  1. disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

  1. <%@ Page validateRequest=false .....

Not real happy with the idea, but it looks like the only option for now.
Reply With Quote Quick reply to this message  
Join Date: Jul 2008
Posts: 40
Reputation: guru_sarkar is an unknown quantity at this point 
Solved Threads: 6
guru_sarkar guru_sarkar is offline Offline
Light Poster
 
0
  #3
Oct 16th, 2009
Reply With Quote Quick reply to this message  
Reply

Message:


Thread Tools Search this Thread



About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC