Safely handling form data

I am close to launching my first Umbraco site, but am just running through the last-minute testing (if anybody has a check-list of things to do before launch, that would also be great!)

I tried being a 'hacker' and entering dangerous stuff in my search form and contact form, which .NET blocked with a big yellow error page and the following error:

A potentially dangerous Request.Form value was detected from the client (Subject="test <b> 'haha").

I have Googled this error and found many solutions where people post ways of disabling this error, but I am concerned that if I do, it will allow malicious data to be posted, as I don't (knowingly) have anything in place to safely handle it.

I am using uContactor for the contact form, and the search facility is based on the tutorial here.

In my previous days developing in classic ASP, it was just a case of HTML-Encoding the request (and replacing a few naughty characters such as < and > etc) but I would appreciate some advice on the best way to handle such things on an ASP.NET MVC / Umbraco site, as it's still very new to me.

(I don't want to prevent people from entering these things, just for the site to handle it safely and gracefully). Thank you.
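As an added illustration (not code from the original post, uContactor or Umbraco), this is how the problem above is usually handled in ASP.NET MVC: leave request validation switched on for the whole site, opt out only the one model property that must accept markup using [AllowHtml], and rely on encode-on-output (Razor's automatic HTML encoding, or HttpUtility.HtmlEncode) wherever the value is rendered. The ContactModel, ContactController and view names are assumptions.

```csharp
using System.Web;
using System.Web.Mvc;
using System.ComponentModel.DataAnnotations;

// Hypothetical contact-form model (names are assumed, not taken from uContactor).
public class ContactModel
{
    [Required, StringLength(200)]
    public string Name { get; set; }

    // [AllowHtml] turns request validation off for THIS property only, so a
    // value like  test <b> 'haha  is accepted instead of producing the yellow
    // "potentially dangerous Request.Form value" page. Every other field is
    // still validated, unlike [ValidateInput(false)] on the whole action or
    // disabling validation site-wide in web.config.
    [AllowHtml, Required, StringLength(2000)]
    public string Subject { get; set; }
}

public class ContactController : Controller
{
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Send(ContactModel model)
    {
        if (!ModelState.IsValid)
            return View(model);

        // The submitted text is kept as plain data. The rule that keeps it
        // harmless is encode-on-output: whenever it is placed into HTML it
        // goes through the encoder, so "<b>" becomes "&lt;b&gt;" and the
        // browser displays it as text rather than interpreting it as markup.
        string subjectForHtmlEmail = HttpUtility.HtmlEncode(model.Subject);
        // ... build and send the notification email using subjectForHtmlEmail
        //     in its HTML body; the unencoded value may go into a text/plain body ...

        return RedirectToAction("Thanks");
    }
}

// Razor view (Send.cshtml). @Model.Subject is HTML-encoded automatically by
// Razor; only Html.Raw(...) writes a string through unencoded, so it is not
// used for user-supplied values.
//
//   <p>You wrote: @Model.Subject</p>
//   <input type="text" name="Subject" value="@Model.Subject" />
```

The same pattern covers the search form: the query term is read as data and encoded only at the point where it is echoed back into the results page.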