A potentially dangerous Request.QueryString value was detected from the client.
Hi,
I have a search functionality where I want to secure user inputs.
While unit testing, I have entered "
" and the page goes to "A potentially dangerous Request.QueryString value was detected from the client (s="script>alert('hello...")."
When searching keyword home, url looks like
http://localhost/search/?s=home
Can anyone guide me on this, how can I secure my page from malicious attacks?
Already tried adding
<httpRuntime requestValidationMode="2.0">
into web.config
Using Umbraco 7.5.11 assembly: 1.0.6274.27352
Thanks in advance.
Hi Ritesh,
From what I read, it seems your page is secured already since it returned an error when you tried to enter malicious input data.
Or do you want to have the possibility to actually search on such "malicious words"?
Cheers,
Michael.
Thanks Michael for your reply. I am looking for similar scenarios and how that can be handled? e.g. showing some custom message or disallow users to enter such text input.
Hi Ritesh,
Here are a few ideas that come to my mind:
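- Client side validation via RegEx of some kind, so you can then show a custom warning text and prevent form submission.
- Catch the exception in your global.asax Application_Error method. If you implement an "unhandled exceptions Handler" in your global.asax file, as described here, you will actually get in there with an exception of type System.Web.HttpRequestValidationException. So you can make a check on the exception type, and if you get that specific type, you can display your custom message, redirect to a specific error page, etc.
- Remove the built-in validation from your config file and do the validation yourself at the server side. This allows you to handle this any way you want, but you have to make sure that your validation rules are bullet-proof ;-)

And never forget to use "Html Encoding" when displaying the data.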
Hope this helps.
Cheers,
Michaël.
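Added example, not part of the original thread: one way to implement the exception-type check and the HTML-encoding advice from the reply above. It is written as an HTTP module that subscribes to the same Error event that Application_Error handles; the class name, the message text and the choice of the `s` query-string key (taken from the question's URL) are assumptions.

```csharp
using System;
using System.Web;

// Hypothetical module name. Register it under <system.webServer><modules>
// in web.config so it runs for every request.
public class RequestValidationErrorModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        // Same event that Application_Error in global.asax receives.
        app.Error += OnError;
    }

    private static void OnError(object sender, EventArgs e)
    {
        var app = (HttpApplication)sender;
        Exception ex = app.Server.GetLastError();

        // Errors raised inside a page or handler arrive wrapped.
        if (ex is HttpUnhandledException && ex.InnerException != null)
            ex = ex.InnerException;

        if (!(ex is HttpRequestValidationException))
            return; // leave every other error to the normal error pipeline

        app.Server.ClearError();

        // Read the raw term without re-triggering validation (.NET 4.5+),
        // then HTML-encode it before writing it into the response.
        string term = app.Request.Unvalidated.QueryString["s"] ?? string.Empty;
        string safeTerm = HttpUtility.HtmlEncode(term);

        HttpResponse res = app.Response;
        res.Clear();
        res.StatusCode = 400;              // bad request, not a server fault
        res.TrySkipIisCustomErrors = true; // keep IIS from replacing the body
        res.ContentType = "text/html";
        res.Write("<p>Sorry, the search term \"" + safeTerm +
                  "\" contains characters that are not allowed.</p>");
        app.CompleteRequest();
    }

    public void Dispose() { }
}
```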
Old question, but if anyone stumbles upon this, you can use the code below in web config to entirely remove validation for specific folders or files
Source: https://qawithexperts.com/questions/303/a-potentially-dangerous-requestform-value-was-detected-from
Hope it helps.