I understand why the exception ” “A potentially dangerous Request.Form value…” occurs and why it’s useful. I would like to put client-side validators on my page that check if the input contains < > ON= or whatever else may trigger this exception. The problem is, I don’t know all the characters or strings that trigger the exception. Is there a list of the triggers some where? I can’t seem to find it, only questions/answers relating to the exception itself and how to handle it.

Also, should a request come from an external source, not my form, how can I tell and how can I handle it? Does Asp.NET do this automatically? Would a hidden field work or can hackers get around that?

An information you can give (including links) is appreciated.

UPDATE:

For anyone interested, I came up with a regex that will match any string with these characters.

(^((?=.*&#).*)$)|(^((?=.*<).*)$)|(^((?=.*>).*)$)

However, when you submit a form, even fields that are in a separate validation group than the button clicked are passed to the server and if any invalid text is in those fields, you get the exception. So, I decided to use an Ajax FilteredTextBoxExtender to block those chars from TextBoxes. Another alternative would be to use a JavaScript keyup function on all the TextBoxes. However, the smart user can disable the JavaScript of both of these and they are not completely reliable.