I have a form that have many text fields and all are being validated, I also added the NiceEdit plugin to be able to format text in my text areas, but it is raising errors like:
A potentially dangerous Request.Form value was detected from the client
Now I can simply go to the top of the page and in the page directive add ValidateRequest="false" but this will deprive me from all the validation that I really need, so how can I switch validation OFF for my text areas ???
VB.net, ASP.net 3.5, VWD 2008 Express…
Thanks
The
ValidateRequestsetting turns off/on built-in validation against a predefined set of dangerous values. HTML strings are considered dangerous because they could potentially be used to submit and initiate XSS/HTML injection attacks.Your question appears to imply that you have mistaken this property to have an effect on the validation controls of your page. That is not accurate.
Since you presumably want to allow users to submit HTML via the “NiceEdit” plugin, I can think of two ways of doing this:
Turn off
ValidateRequestfor the page and handle validation manually. Check for the dangerous values before the form is submitted.Keep
ValidateRequeston for the page, but on the client, just before the page is submitted, use Javascript to encode the HTML value in the relevant textarea (if necessary, perform a Regex replace on all “<” and “>” characters) and then only allow a submit.The latter method is demonstrated on Mads Kristensen’s blog and here.