I have a search functionality where I want to secure user inputs.
<form action="@urlToSearch" id="searchform" method="get">
<input type="text" id="s" name="s" value="@searchText" placeholder="Search" />
<input type="submit" value="" id="searchsubmit" class="button avia-font-entypo-fontello" />
</form>
While unit testing, I have entered "
" and the page goes to "A potentially dangerous Request.QueryString value was detected from the client (s="script>alert('hello...")."
When searching for the keyword home, the URL looks like http://localhost/search/?s=home
Can anyone guide me on this, how can I secure my page from malicious attacks?
Already tried adding <httpRuntime requestValidationMode="2.0"> into web.config
Using Umbraco 7.5.11 assembly: 1.0.6274.27352
Thanks in advance.
From what I read, it seems your page is secured already since it returned an error when you tried to enter malicious input data.
Or do you want to have the possibility to actually search on such "malicious words"?
Thanks Michael for your reply.
I am looking for similar scenarios and how they can be handled?
e.g. showing some custom message or disallowing users from entering such text input.
Here are a few ideas that come to my mind:
client side validation via RegEx of some kind, so you can then show a custom warning text and prevent form submission
Catch the exception in your global.asax Application_Error method. If you implement an "unhandled exceptions Handler" in your global.asax file, as described here, you will actually get in there with an exception of type
So you can make a check on the exception type, and if you get that specific type, you can display your custom message, redirect to a specific error page, etc.
Hope this helps.
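
An added example, not code from this thread or from Umbraco: one way to write the Application_Error check described in the reply above. ASP.NET raises System.Web.HttpRequestValidationException for the "potentially dangerous Request.QueryString value" error; the class name Global, the 400 status and the message text are assumptions.

```csharp
// Global.asax.cs (added example; assumes a plain System.Web.HttpApplication)
using System;
using System.Web;

public class Global : HttpApplication
{
    protected void Application_Error(object sender, EventArgs e)
    {
        Exception last = Server.GetLastError();

        // Only handle request-validation failures; let every other
        // error flow to the normal error page and logging.
        if (FindValidationError(last) == null)
            return;

        Server.ClearError();
        Response.Clear();
        Response.TrySkipIisCustomErrors = true; // keep IIS from replacing the body
        Response.StatusCode = 400;              // bad request, not a server fault
        Response.ContentType = "text/plain; charset=utf-8";

        // Static text only: the rejected value is never written back,
        // so the error page itself cannot reflect the input.
        Response.Write("Your search contains characters that are not allowed. " +
                       "Please remove any HTML and try again.");
    }

    // The validation exception may be wrapped (for example in
    // HttpUnhandledException), so walk the InnerException chain.
    private static HttpRequestValidationException FindValidationError(Exception ex)
    {
        for (Exception cur = ex; cur != null; cur = cur.InnerException)
        {
            var hit = cur as HttpRequestValidationException;
            if (hit != null)
                return hit;
        }
        return null;
    }
}
```

The handler only changes what the user sees; the value is still rejected, and the Razor `@searchText` expression in the form continues to HTML-encode whatever is echoed back.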
Old question, but if anyone stumbles upon this, you can use the code below in web.config to entirely remove validation for specific folders/files
<pages validateRequest="false" />
<httpRuntime requestValidationMode="2.0" />
Hope it helps.