failed to fix: A potentially dangerous Request.Form value was detected from the client

Question

When I try to add a text like <p>example</p> to Product_Text cell of a product in Tbl_Product, I receive this message: A potentially dangerous Request.Form value was detected from the client.

Although I put <httpRuntime requestValidationMode="2.0" /> and <pages validateRequest="false" /> to <system.web> in web.config, I am continuing to receive the error message.

have you tried setting the attribute to the property or Action method? https://stackoverflow.com/a/17258129/814352 — CodingSlayer, Sep 12 '19 at 19:18
Including Validate="false" at the top of my webforms aspx page fixed the problem for me. — Andrew Reese, Sep 26 '19 at 19:04

sthurston · Accepted Answer · 2019-09-13T03:07:01.123

1

You need to use HtmlEncode when inserting html into the database. So something like:

var productText = Server.HtmlEncode("<p>example</p>");

in your code behind should work.

edited Sep 13 '19 at 03:07

answered Sep 12 '19 at 22:20

sthurston

81
2

this looks like a solution. – Arya Sep 14 '19 at 11:15
That error should have absolutely nothing to do with encoding the HTML when inserting into the database since that error happens on the form submit, NOT internally when saving to the DB. – Charles Boyung Jan 05 '22 at 21:22

failed to fix: A potentially dangerous Request.Form value was detected from the client

1 Answers1