Home/ Questions/Q 812061
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T01:08:41+00:00

I am working on ASP.NET3.5 platform. I have used a file upload control and

  • 0

I am working on ASP.NET3.5 platform.
I have used a file upload control and a asp button to upload a file.
Whenever i try to upload a file which contain special characterlike (file#&%.txt) it show
crash and give the messeage 

--------------------------------------------------------------------------------
Server Error in 'myapplication' Application.
--------------------------------------------------------------------------------

A potentially dangerous Request.Files value was detected from the client 
 (filename="...\New Text &#.txt").
Description: Request Validation has detected a potentially dangerous client input
value, and processing of the request has been aborted. This value may indicate an
attempt to compromise the security of your application, such as a cross-site 
scripting attack. You can disable request validation by setting 
validateRequest=false in the Page directive or in the configuration section. 
However, it is strongly recommended that your application explicitly check all 
inputs in this case. 

Exception Details: System.Web.HttpRequestValidationException: A potentially 
dangerous Request.Files value was detected from the client 
      (filename="...\New Text &#.txt").

Source Error: 

An unhandled exception was generated during the execution of the current web 
request. Information regarding the origin and location of the exception can be
identified using the exception stack trace below.  

--------------------------------------------------------------------------------

how can i prevent this crash using javascript at client side?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    A very simple solution is to validate the filename on click of the button (or some other control) that triggers upload like this and stop upload if there is some problem with filename:

    <asp:FileUpload ID="fu1" runat="server" />
<asp:Button ID="btn" runat="server" CausesValidation="true" Text="Click" 
           OnClientClick="return ValidateFileName();" /> 

<script type="text/javascript">
    function ValidateFileName() {
        var fu = document.getElementById("<%= fu1.ClientID %>");
        var f = fu.value + "";
        if ((f.indexOf("#", 0) >= 0) || (f.indexOf("$", 0) >= 0) ||
              (f.indexOf("%", 0) >= 0) || (f.indexOf("^", 0) >= 0)) {
            alert("Filename: [" + f + "] contains invalid char");
            return false;//will stop button click event here
        }

        return true;
    }
</script>
    • 0