.NET 2 / classic VB: RequestValidation = false alternatives

M

muhaha

New Member
I am experiencing an issue with a web app that is frequently spewing out the following style error with just a single aspx page:\[code\]Browser: IEUrl Referrer: redactedUser Host 1.1.1.1User Host Name: 1.1.1.1Last Error: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl11$lbl="...na Redacte w..."). at System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) at System.Web.HttpRequest.get_Form() at System.Web.HttpRequest.get_HasForm() at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) at System.Web.UI.Page.DeterminePostBackMode() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) at System.Web.UI.Page.ProcessRequest(HttpContext context) at ASP.pages_front_closingques_default_aspx.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)Stack Trace: at System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) at System.Web.HttpRequest.get_Form() at System.Web.HttpRequest.get_HasForm() at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) at System.Web.UI.Page.DeterminePostBackMode() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) at System.Web.UI.Page.ProcessRequest(HttpContext context) at ASP.pages_front_closingques_default_aspx.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)Source: System.WebMessage: A potentially dangerous Request.Form value was detected from the client (ctl11$lbl="...na Redacte w...").\[/code\]Normally, I would suspect that the user must have done something dumb like put an HTML tag in there, but this happens frequently and no HTML tags are reported in the email.I know that I can turn off \[code\]ValidateRequest\[/code\] using the \[code\]RequestValidation="false"\[/code\] \[code\]Page\[/code\] directive, but that is also undesirable because I want some validation, just not over-sensitive validation.Is there some way I can override the default implementation of \[code\]ValidateRequest\[/code\]? Has anybody run into \[code\]ValidateRequest\[/code\] erroneously producing errors before? Finally, does anybody know what the implementation of \[code\]ValidateRequest\[/code\] even looks like?
 
You must log in or register to reply here.
Back
Top