A potentially dangerous Request.Form value was detected from the client in asp.net

By: Suresh Dasari Dec 4, 2011

Introduction:

In this post I will explain how to solve the problem “A potentially dangerous Request.Form value was detected from the client in ASP.NET WebForms” using asp.net.

Description:

In previous post I explained clearly about Rich textbox sample in asp.net . After completion code if I try to insert some html formatted data in database using rich textbox I got error like “A potentially dangerous Request.Form value was detected from the client in ASP.NET WebForms”

Sample data I used to insert in database

<title>Untitled Page</title>

</head>

<body>

<div>

</div>

</form>

</body>

</html>

After enter the above formatted html data in Rich Textbox and I tried to insert data then I got error message like

Server Error in ‘/RichTextboxSample’ Application.

A potentially dangerous Request.Form value was detected from the client (remarks =”<html></html>”)

Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (remarks="<html></html>5678,<c…").

Source Error:

An   unhandled exception was generated during the execution of the current web   request. Information regarding the origin and location of the exception can   be identified using the exception stack trace below.

This error occurs during insertion of html format data into database to eliminate this error we need to set ValidateRequest="false" in @Page line of web page or web.config file to solve security problems.

To solve this problem we need to add the ValidateRequest="false" in @Page line of web page like this

WebForms

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" ValidateRequest="false" %>

In this way we need to set ValidateRequest="false" in required pages otherwise we can set it globally to work for all the pages without having this error we need to add ValidateRequest="false" in web.config file under system.web section like this

Web.Config

<system.web>

………………………
<httpRuntime requestValidationMode="2.0" />

</pages>

………………………

</system.web>

After set this property in webpage or web.config my problem has sovled and my code works perfectly. I hope it helps to solve your problem.

Happy Coding………

If you enjoyed this post, please support the blog below. It's FREE!

Get the latest Asp.net, C#.net, VB.NET, jQuery, Plugins & Code Snippets for FREE by subscribing to our Facebook, Twitter, RSS feed, or by email.

Subscribe by RSS

Subscribe by Email

37 comments :

shekar said...: Great.It Worked me Suresh, thank you very much; December 6, 2011 at 10:35 PM
Akiii said...: it worked for me as well...thanks !; December 14, 2011 at 8:25 AM
Anonymous said...: thx..; December 16, 2011 at 12:34 AM
Anonymous said...: great.....thank you bhaii......; March 2, 2012 at 11:17 PM
Anonymous said...: still getting error even after adding; July 26, 2012 at 8:42 PM
Anonymous said...: hi
i am put this also but cant working; September 27, 2012 at 12:54 AM
Atul said...: hello suresh,after puting validaterequest="False" i am still getting these error...pls do something...

A potentially dangerous Request.Form value was detected from the client (MainContent_FreeTextBox1="abc").; October 2, 2012 at 4:47 AM
Atul said...: let it be...I correct it...by puting this also....your code was really helpful bro....thanx...; October 2, 2012 at 5:26 AM
Atul Yadav said...: hhhh; October 2, 2012 at 5:33 AM
Unknown said...: really its working... Thank you sir... keep it up...; December 19, 2012 at 10:57 PM
hermes said...: You help me solve the 'bad request' problem!; February 3, 2013 at 5:09 PM
Anonymous said...: tu,; February 15, 2013 at 4:12 AM
Aakash said...: i still cannot get rid of the potential dangerous error. sir, can u please help me out; March 29, 2013 at 12:11 PM
Jatin Waghela said...: This comment has been removed by the author.; April 8, 2013 at 6:16 AM
Anonymous said...: Thanks! :) It worked for me.

I am storing the contents of RichBox in table with datatype nvarchar(MAX),still it is storing only partial data from rich tb..Any idea what to do; April 8, 2013 at 6:17 AM
Anonymous said...: hi it's working for me thank u.; April 22, 2013 at 11:52 PM
submit said...: I try it, but I can not find the bad Request.; April 27, 2013 at 12:10 AM
Unknown said...: Dear Suresh,
I add validateRequest="false" in web config,design aspx page.But still the same error occured.Please Can you guide me; May 27, 2013 at 12:53 AM
Anonymous said...: Dear suresh,
its not working for me.please provide another solution.; May 28, 2013 at 10:55 PM
Unknown said...: This comment has been removed by the author.; July 25, 2013 at 3:00 AM
Unknown said...: set
validationmode=2.0
then it will work; July 25, 2013 at 3:02 AM
Anonymous said...: sir,
i am inserting html code in database and i want to retrieve plain text
so sir plz tell me how to convert html code into plain text

one more thing sir plz tell me the name of the control(facebook) which u use in your website in right side; August 12, 2013 at 5:58 AM
Brijesh H. Vishwakarma said...: thx..; October 4, 2013 at 10:12 PM
bharath said...: this is not working....i still get the same error.; October 24, 2013 at 4:23 AM
Supdt. of Posts said...: if you add validateRequest="false" there is a possibility of XSS attack and website getting hacked.; November 13, 2013 at 11:47 PM
Unknown said...: I have added the same but still i am getting the same error...; December 2, 2013 at 11:33 PM
sakthideveloper said...: A potentially dangerous Request.Form value was detected from the client (FreeTextBox1="sdsadfsaf").
this error is coming after giving ValidateRequest="false" in iis. but it working in visual studio environment
Could you please help in this; January 16, 2014 at 5:23 AM
Mohammad Nawaz said...: how can i print freetext box data on crystal report

because it wad didnt show as it i save on database
help me

it shows ram is
like this
how to print as it is
i m using mysql -: text (datatype); May 12, 2014 at 10:57 PM
Anonymous said...: After set this property in webpage or web.config my problem has solved and my code works perfectly. I hope it helps to solve your problem.; July 17, 2014 at 5:12 AM
Anonymous said...: thankx; February 22, 2015 at 11:48 PM
Unknown said...: Great sir i done solve the problems of your article.; September 10, 2015 at 5:35 AM
Khurram Shahzad said...: How we can edit the saved data?; June 9, 2016 at 2:25 AM
Anonymous said...: HI

any can help me how to add Rich text box dll file in my project.; October 25, 2016 at 2:37 AM
Anonymous said...: Without doing validateRequest=false can able to solve the issue another way.is it possible????; March 10, 2017 at 3:07 AM
Unknown said...: how we can upload images from local drive..???; May 31, 2017 at 9:12 PM
Anonymous said...: Is there any way to solve the issue without setting ValidateRequest=false?; December 1, 2017 at 12:51 AM
Md Sarfraz Alam said...: i want to only specific page validation false not all application so please help me; February 18, 2018 at 10:46 PM