1

I have a textbox which I need to enter html code into (like < strong> or < em> for example).

The trouble is this is causing an error writing this back to the database.

A potentially dangerous Request.Form value was detected from the client (tbVOther="< strong>test

Is there a way around this without turning off the request validation setting?

Improve this question
3
  • 1
    possible duplicate of [A potentially dangerous Request.Form value was detected from the client ](stackoverflow.com/questions/81991/…) Commented Jan 19, 2011 at 13:08
  • I would agree its a duplicate. Commented Jan 19, 2011 at 14:57
  • Yeah, I searched for the wrong thing... Should have searched for the actual error message I got. Commented Jan 19, 2011 at 15:29

3 Answers 3

Reset to default
1

At the top of your page you'll need to set the following property:

 <%@ Page ValidateRequest="false" etc.... %>

Validate Request will make sure that these values can be posted back to the server. But keep in mind that there are reasons why this is set to true by defailt and you should be careful to make sure people can't submit javascript functions/calls, etc... through your editor.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

It might be easier sanitising the input via Javascript replacing the offending characters with safe ones i.e replacing <> with ^ instead

Improve this answer

Comments

0

There is a server setting to prevent posting of HTML that need to be switched of for this to work, I do not remebre where though.

Just make sure that you do correct sanitisation on your own before admitting to the database ;)

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.