0

I have a website and someone (every time the same) is trying to send me a message through a textbox (he adds some html code where he shouldn't) and the error is raised.

Unfortunately, all I can get are messages like this one ="...chemistry http://cra..." so it`s no way that I can understand what he try to tell me.

My question is: how I can expand that text characters length limit or handle my own error so I can get the whole message?

ssilas777
  • 9,476
  • 4
  • 43
  • 66
Nițu Alexandru
  • 705
  • 1
  • 10
  • 32
  • http://stackoverflow.com/questions/9130186/a-potentially-dangerous-request-form-value-was-detected-from-the-client – ssilas777 Jan 18 '14 at 10:07
  • Not the same. I want the error to appear, but I want to know what the request is (basically the text entered in the textbox). – Nițu Alexandru Jan 18 '14 at 10:16

1 Answers1

0

In your Global.asax, put an Application_Error event handler in to catch all errors that occur, which should include this one.

Sub Application_Error(object sender, EventArgs e)
{
   var ex = Server.GetLastError();
   if (ex != null)
      //Log it
}
Brian Mains
  • 50,194
  • 35
  • 142
  • 253
  • This is the current code, but the error message is like this: A potentially dangerous Request.Form value was detected from the client (ctl00$ctl00$ContentPlaceHolder1$hdnMessage="...chemistry – Nițu Alexandru Jan 18 '14 at 15:53
  • OK, if hdnMessage contains a ` – Brian Mains Jan 20 '14 at 00:40
  • The html text is injected and is intended. it is a message so I am curious about what is it. It is injection indeed and the error should be displayed, but I would like to know the html text which is injected. Thank you! – Nițu Alexandru Jan 28 '14 at 17:29
  • It won't tell you which HTML text unfortunately. And you can check the Request.FOrm collection, but that might not have the suspecting value. That can be the challenge with ASP.NET; they have all these features to "help" you, but they don't always help you. – Brian Mains Jan 29 '14 at 13:48