Re: Error

From: Victor Garcia Aprea [MVP] (vga@NOobiesSPAM.com)
Date: 04/22/03

    From: "Victor Garcia Aprea [MVP]" <vga@NOobiesSPAM.com>
    Date: Mon, 21 Apr 2003 19:11:14 -0300
    
    

    > This is a feature?
    Sure it is.

    > In our case we are storing a one
    > element xml chunk in a control and we are supposed to
    > disable a whole security level to do it?
    You're supposed to add a one-line entry to your config file if you want to
    disable this feature, I don't think this is too hard.

    > Talk about overkill.
    I don't see anything overkill here.

    > How about try again for a better
    > answer? Like how do we edit the list of things it should
    > check?
    There is no list to edit. I could paste the docs here but I don't see much
    sense in doing so. You could take a look at ASP.NET 1.1 docs to find out how
    this feature works, it's really pretty simple.

    --
    Victor Garcia Aprea
    Microsoft MVP | ASP.NET
    >
    > >-----Original Message-----
    > >It's a new feature in ASP.NET v1.1, targeted to prevent cross-site scripting
    > >attacks. It's enabled by default and that's why your site stopped working.
    > >Basically what it does is to examine the Forms, QueryString and Cookies
    > >collection for content considered dangerous (i.e. <script> tags, etc.), if any
    > >of these collections contain an item with "dangerous" data, an exception is
    > >thrown and the request is aborted. It seems like the data you're posting
    > >contains content considered "dangerous" by ASP.NET and that is why it's
    > >aborting the request.
    > >
    > >--
    > >Victor Garcia Aprea
    > >Microsoft MVP | ASP.NET
    > >
    > >"Ashok" <abc@newsgroup.com> wrote in message
    > >news:O9DUCetADHA.3208@TK2MSFTNGP11.phx.gbl...
    > >> Thanks for your reply. Can you please explain more on this.
    > >> Client request (vb app) had a POST with query string parameters and was
    > >> working with .Net framework 1.0.
    > >> Stopped working when I upgraded to 1.1.
    > >>
    > >> "Victor Garcia Aprea [MVP]" <vga@NOobiesSPAM.com> wrote in message
    > >> news:egPpZJtADHA.33548@TK2MSFTNGP10.phx.gbl...
    > >> > Hi Ashok,
    > >> >
    > >> > You can disable this at the Page level by setting the RequestValidate
    > >> > attribute of the Page directive to false, i.e.:
    > >> > <%@ Page ValidateRequest="false" %>
    > >> >
    > >> > or at the application level by setting the RequestValidate attribute of the
    > >> > pages element to false, i.e.:
    > >> >
    > >> > <pages validateRequest="false" />
    > >> >
    > >> > You should double check the decision of disabling this as it's usually not a
    > >> > good idea,
    > >> >
    > >> > --
    > >> > Victor Garcia Aprea
    > >> > Microsoft MVP | ASP.NET
    > >> >
    > >> > "Ashok" <abc@newsgroup.com> wrote in message
    > >> > news:#1dSuDtADHA.3144@TK2MSFTNGP11.phx.gbl...
    > >> > > I get the following error on the server when I am trying to write a file to
    > >> > > the request stream from the client. Please help
    > >> > >
    > >> > > {System.Web.HttpRequestValidationException}
    > >> > >     [System.Web.HttpRequestValidationException]:
    > >> > > {System.Web.HttpRequestValidationException}
    > >> > >     HelpLink: Nothing
    > >> > >     InnerException: Nothing
    > >> > >     Message: "A potentially dangerous Request.Form value was detected from
    > >> > > the client (?<?xml version="...="yes"?>
    > >> > > <myroot>)."
    > >> > >     Source: "System.Web"
    > >> > >     StackTrace: "   at System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName)
    > >> > >    at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName)
    > >> > >    at System.Web.HttpRequest.get_Form()
    > >> > >    at System.Web.UI.Page.GetCollectionBasedOnMethod()
    > >> > >    at System.Web.UI.Page.DeterminePostBackMode()
    > >> > >    at System.Web.UI.Page.ProcessRequestMain()
    > >> > >    at System.Web.UI.Page.ProcessRequest()
    > >> > >    at System.Web.UI.Page.ProcessRequest(HttpContext context)
    > >> > >    at System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
    > >> > >    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)"
    > >> > >     TargetSite: {System.Reflection.RuntimeMethodInfo}
    > >> > >
    > >> > > thanks
    > >> > >
    > >> > >
    > >> > >
    > >> >
    > >> >
    > >>
    > >>
    > >
    > >
    > >.
    > >
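
An added example, not part of the original posts or of ASP.NET itself: when request validation is switched off for the one page that receives the XML, that page has to check the posted field and encode its output on its own. The page name, class name, field name `xmlChunk` and the 4096-character limit are assumptions; `myroot` is the root element shown in the error message quoted in the thread.

```csharp
// Code-behind for a hypothetical Upload.aspx whose first line is:
//   <%@ Page ValidateRequest="false" Inherits="UploadPage" %>
using System;
using System.IO;
using System.Web;
using System.Web.UI;
using System.Xml;

public class UploadPage : Page
{
    private const int MaxLength = 4096;           // assumed cap for a one-element chunk
    private const string ExpectedRoot = "myroot"; // root element from the error message

    // Returns the parsed document, or null when the value is not the XML we expect.
    public static XmlDocument ParseChunk(string raw)
    {
        if (raw == null || raw.Length == 0 || raw.Length > MaxLength) return null;
        // No DOCTYPE means no entity definitions and no external DTD to fetch.
        if (raw.IndexOf("<!DOCTYPE") >= 0) return null;
        try
        {
            XmlTextReader reader = new XmlTextReader(new StringReader(raw));
            reader.XmlResolver = null;            // defence in depth: resolve nothing external
            XmlDocument doc = new XmlDocument();
            doc.XmlResolver = null;
            doc.Load(reader);
            XmlElement root = doc.DocumentElement;
            return (root != null && root.Name == ExpectedRoot) ? doc : null;
        }
        catch (XmlException) { return null; }     // not well-formed
    }

    protected override void OnLoad(EventArgs e)
    {
        base.OnLoad(e);
        if (Request.HttpMethod != "POST") return;
        // "xmlChunk" is a hypothetical field name; only this field is expected to carry markup.
        XmlDocument doc = ParseChunk(Request.Form["xmlChunk"]);
        if (doc == null)
        {
            Response.StatusCode = 400;
            Response.Write("Rejected: the posted value is not the expected XML.");
            return;
        }
        // Encode on output: with validation off, nothing else stops markup being echoed.
        Response.Write(HttpUtility.HtmlEncode(doc.DocumentElement.InnerText));
    }
}
```

With the directive set to false, every other form field, query-string value and cookie read by this page is unchecked as well, so each of them needs the same encoding before it is written back.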
    
