While doing some hacking on my own site I encountered (after some googling) a common problem.
“A potentially dangerous Request.Form value was detected from the client”, whether the input is an XSS attempt or just a malicious-looking character:
Case 1: A potentially dangerous Request.Form value was detected from the client (Firstname ="<script> alert("x");...").
Case 2: A potentially dangerous Request.Form value was detected from the client (*).
The ASP.NET MVC team did a good job catching the error for me, but how do I show a nicer error to my users? For example: “Something happened, please repeat your steps. If this message appears again, please contact person x …”.
Solution for ASP.NET MVC developers:
- Create an ErrorController with an Index action.
- Add the following line to your web.config:
<customErrors mode="On" defaultRedirect="~/Error/Index"/>
- Write tests to check the controller operations.
- Don’t forget to create the actual view.
Optionally, you might want to set mode="RemoteOnly".
Note: for more information on the customErrors attributes, see: customErrors Element
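The steps above as an added sketch, not code from the original post: an ErrorController whose Index action serves the friendly page, plus a Global.asax handler that records the rejected request server-side. The namespaces, the MvcApplication class name, the log wording and the view contents are assumptions.

```csharp
// Added example. web.config, inside <system.web>:
//   <customErrors mode="RemoteOnly" defaultRedirect="~/Error/Index"/>
using System;
using System.Diagnostics;
using System.Web;
using System.Web.Mvc;

namespace MySite.Controllers   // hypothetical namespace
{
    public class ErrorController : Controller
    {
        // Target of defaultRedirect. It is reached through a GET redirect, so the
        // rejected form value is not part of this request and is never echoed back.
        public ActionResult Index()
        {
            // Return a real error status instead of 200 so monitoring sees the failure.
            Response.StatusCode = 500;
            // Keep IIS from replacing this response with its own error page.
            Response.TrySkipIisCustomErrors = true;
            return View(); // the Index view holds only the static friendly message
        }
    }
}

namespace MySite   // hypothetical namespace
{
    public class MvcApplication : HttpApplication
    {
        // Runs for unhandled exceptions before customErrors redirects the user.
        protected void Application_Error(object sender, EventArgs e)
        {
            Exception ex = Server.GetLastError();
            if (ex is HttpRequestValidationException)
            {
                // Log where and from whom, not the raw payload, so markup
                // never reaches a log viewer unencoded.
                Trace.TraceWarning("Request validation rejected input: path={0} ip={1}",
                    Request.Path, Request.UserHostAddress);
            }
            else if (ex != null)
            {
                Trace.TraceError("Unhandled exception: {0}", ex);
            }
            // Server.ClearError() is not called, so customErrors still redirects.
        }
    }
}
```

With mode="RemoteOnly", requests from the server itself still get the detailed error page, while remote users only see the Index view.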
It’s not MVC-specific. ASP.Net webforms will give you the same error.
I think you should use Custom Error Pages. Custom error pages are defined in Web.config like:
For more information about custom error pages, visit http://aspnetresources.com/articles/CustomErrorPages
Also, you can handle the Global.asax Application_Error event to do whatever you want.
Microsoft has a very nice article including source code which does exactly what you want to do (and more). Check it out at http://support.microsoft.com/kb/306355