Re: Error

From: Victor Garcia Aprea [MVP] (vga@NOobiesSPAM.com)
Date: 04/22/03


From: "Victor Garcia Aprea [MVP]" <vga@NOobiesSPAM.com>
Date: Mon, 21 Apr 2003 19:13:15 -0300


>>>> We will just distribute 1.0 for the time being since we
>>>> cannot just change a ton of code

You don't need to touch your existing code. Take a look at the previous
threads where I noted how to disable this feature.

--
Victor Garcia Aprea
Microsoft MVP | ASP.NET
"Jeff" <jeff@kavera.com> wrote in message
news:05f101c30851$7a833c20$2f01280a@phx.gbl...
> Well we found our better answer, we have dot.net 1.0 on
> our CD and our customers have just been sent a notice to
> not upgrade to Microsoft's latest due to security concerns.
>
> We will just distribute 1.0 for the time being since we
> cannot just change a ton of code and have a release on no
> notice when MS decides to make these sorts of changes.
>
> So much for compatibility, went thru the same thing with
> MFC 1.0, should have known it was coming.
>
> >-----Original Message-----
> >This is a feature?  In our case we are storing a one
> >element xml chunk in a control and we are supposed to
> >disable a whole security level to do it?
> >
> >Talk about overkill.  How about try again for a better
> >answer?  Like how do we edit the list of things it should
> >check?
> >
> >>-----Original Message-----
> >>It's a new feature in ASP.NET v1.1, targeted to prevent cross-site scripting
> >>attacks. It's enabled by default and that's why your site stopped working.
> >>Basically what it does is to examine the Forms, QueryString and Cookies
> >>collection for content considered dangerous (i.e. <script> tags, etc.), if any
> >>of these collections contain an item with "dangerous" data, an exception is
> >>thrown and the request is aborted. It seems like the data you're posting
> >>contains content considered "dangerous" by ASP.NET and that is why it's
> >>aborting the request.
> >>
> >>--
> >>Victor Garcia Aprea
> >>Microsoft MVP | ASP.NET
> >>
> >>"Ashok" <abc@newsgroup.com> wrote in message
> >>news:O9DUCetADHA.3208@TK2MSFTNGP11.phx.gbl...
> >>> Thanks for your reply. Can you please explain more on this.
> >>> Client request (VB app) had a POST with query string parameters and was
> >>> working with .NET Framework 1.0.
> >>> Stopped working when I upgraded to 1.1.
> >>>
> >>> "Victor Garcia Aprea [MVP]" <vga@NOobiesSPAM.com> wrote in message
> >>> news:egPpZJtADHA.33548@TK2MSFTNGP10.phx.gbl...
> >>> > Hi Ashok,
> >>> >
> >>> > You can disable this at the Page level by setting the RequestValidate
> >>> > attribute of the Page directive to false, i.e.:
> >>> > <%@ Page ValidateRequest="false" %>
> >>> >
> >>> > or at the application level by setting the RequestValidate attribute of the
> >>> > pages element to false, i.e.:
> >>> >
> >>> > <pages validateRequest="false" />
> >>> >
> >>> > You should double check the decision of disabling this as it's usually not a
> >>> > good idea,
> >>> >
> >>> > --
> >>> > Victor Garcia Aprea
> >>> > Microsoft MVP | ASP.NET
> >>> >
> >>> > "Ashok" <abc@newsgroup.com> wrote in message
> >>> > news:#1dSuDtADHA.3144@TK2MSFTNGP11.phx.gbl...
> >>> > > I get following error on server when I am trying to write file to request
> >>> > > stream from client. Please help
> >>> > >
> >>> > > {System.Web.HttpRequestValidationException}
> >>> > >     [System.Web.HttpRequestValidationException]:
> >>> > > {System.Web.HttpRequestValidationException}
> >>> > >     HelpLink: Nothing
> >>> > >     InnerException: Nothing
> >>> > >     Message: "A potentially dangerous Request.Form value was detected from
> >>> > > the client (?<?xml version="...="yes"?>
> >>> > > <myroot>)."
> >>> > >     Source: "System.Web"
> >>> > >     StackTrace: "   at System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName)
> >>> > >    at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName)
> >>> > >    at System.Web.HttpRequest.get_Form()
> >>> > >    at System.Web.UI.Page.GetCollectionBasedOnMethod()
> >>> > >    at System.Web.UI.Page.DeterminePostBackMode()
> >>> > >    at System.Web.UI.Page.ProcessRequestMain()
> >>> > >    at System.Web.UI.Page.ProcessRequest()
> >>> > >    at System.Web.UI.Page.ProcessRequest(HttpContext context)
> >>> > >    at System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
> >>> > >    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)"
> >>> > >     TargetSite: {System.Reflection.RuntimeMethodInfo}
> >>> > >
> >>> > > thanks
> >>> > >
> >>> > >
> >>> > >
> >>> >
> >>> >
> >>>
> >>>
> >>
> >>
> >>.
> >>
> >.
> >
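
The page-level option discussed in this thread, as an added example that is not part of the original posts or of ASP.NET itself: request validation is switched off for one page only, and that page does its own checks on the posted XML and encodes what it writes back. The page name `Upload.aspx`, the form field `payload`, and the size limit are assumptions; `<myroot>` is taken from the error message quoted above.

```csharp
// Added example. Assumes Upload.aspx carries <%@ Page ValidateRequest="false" ... %>
// while every other page keeps request validation enabled (the v1.1 default).
using System;
using System.Web;
using System.Web.UI;
using System.Xml;

public class Upload : Page
{
    // Constructed limit for the one-element XML chunk this page accepts.
    private const int MaxPayloadChars = 64 * 1024;

    protected void Page_Load(object sender, EventArgs e)
    {
        // "payload" is a hypothetical field name for the posted XML.
        string raw = Request.Form["payload"];
        if (raw == null || raw.Length == 0 || raw.Length > MaxPayloadChars)
        {
            Reject("missing or oversized payload");
            return;
        }

        XmlDocument doc = new XmlDocument();
        doc.XmlResolver = null; // do not fetch external DTDs or entities
        try
        {
            doc.LoadXml(raw);
        }
        catch (XmlException)
        {
            Reject("payload is not well-formed XML");
            return;
        }

        // Accept only the document shape this page expects.
        if (doc.DocumentElement == null || doc.DocumentElement.Name != "myroot")
        {
            Reject("unexpected root element");
            return;
        }

        // Request validation is off on this page, so encode anything echoed.
        Response.Write("Received: " + HttpUtility.HtmlEncode(doc.DocumentElement.InnerText));
    }

    private void Reject(string reason)
    {
        Response.StatusCode = 400;
        Response.Write(HttpUtility.HtmlEncode(reason));
    }
}
```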

