How to avoid this?!

When I try to get values with tags, i.e. "<HTML>", "<Script>", from a TextBox, I get this error:

A potentially dangerous Request.Form value was detected from the client (TextBox="<html></html>").

Any idea about how to avoid this?!

Yep, it's simple.

Up in the <%@Page... just add this -> validateRequest="false"

HOWEVER, you do need to realise why this setting restricts you by default.

Basically, if you allow someone to include their own HTML tags in a given text

e.g. <b>Words</b>... there's nothing to stop them from doing this

<b>Words</b><script>for(i=1;i<=1000;i++){window.open("www.mysite.com")}</script>

If you wanted to then display it to the screen, you can encode and decode the text to make it display without doing any bad stuff.

Well, I found that you must do something else, or if the users typed something like this:
<script language="javascript">alert('anything')</script>
it will be executed and won't be saved as text. To avoid this:
Server.HtmlEncode(TextBox.Text) :)

I don't think the page will even get to the part where it can get the value of a textbox without the validateRequest="false".

Sure, what I mean is that you must add this code not to execute the tags the user enters :)
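
The two steps discussed in the replies, combined in an added example that is not part of any post in the thread: a single-file Web Forms page that turns off request validation for itself and HTML-encodes the submitted text before writing it back. The control IDs (CommentBox, SaveButton, Preview) and the 500-character limit are assumptions.

```aspx
<%@ Page Language="C#" ValidateRequest="false" %>
<%-- Added example. ValidateRequest="false" turns off the "potentially
     dangerous Request.Form value" check for this page only, so every place
     that writes user text back into HTML must encode it. --%>
<script runat="server">
    protected void SaveButton_Click(object sender, EventArgs e)
    {
        // Raw text exactly as typed, tags included. Keep it raw for storage
        // and encode at the point of output, so it is never encoded twice.
        string raw = CommentBox.Text;

        // Assumed limit: reject oversized input before doing anything else.
        if (raw.Length > 500)
        {
            Preview.Text = "Comment is too long.";
            return;
        }

        // Label.Text is written into the page as-is, so encode it here.
        // "<b>" becomes "&lt;b&gt;" and is displayed as text, not run as markup.
        Preview.Text = Server.HtmlEncode(raw);
    }
</script>
<html>
<body>
    <form id="form1" runat="server">
        <asp:TextBox ID="CommentBox" runat="server" TextMode="MultiLine" />
        <asp:Button ID="SaveButton" runat="server" Text="Save"
                    OnClick="SaveButton_Click" />
        <p>You typed: <asp:Label ID="Preview" runat="server" /></p>
    </form>
</body>
</html>
```

On ASP.NET 4.0 and later, the page-level setting only takes effect when web.config also sets `<httpRuntime requestValidationMode="2.0" />`.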
 