Thread: Request Validation Exception

recently moved our site to a new host and everything is working fine except for trying to update topics now returns the following server error (from the HTML in the description field)

Server Error in '/' Application.

A potentially dangerous Request.Form value was detected from the client (Description="<table border="0" ce...").

Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />. After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. For more information, see http://go.microsoft.com/fwlink/?LinkId=153133.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (Description="<table border="0" ce...").


Stack Trace:


[HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (Description="<table border="0" ce...").]
System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) +8730676
System.Web.HttpRequest.ValidateNameValueCollection (NameValueCollection nvc, RequestValidationSource requestCollection) +122
System.Web.HttpRequest.get_Form() +114
System.Web.HttpRequest.get_HasForm() +8896047
System.Web.UI.Page.GetCollectionBasedOnMethod(Bool ean dontReturnNull) +97
System.Web.UI.Page.DeterminePostBackMode() +69
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +8431
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +253
System.Web.UI.Page.ProcessRequest() +78
System.Web.UI.Page.ProcessRequestWithNoAssert(Http Context context) +21
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.localsonly_topics_aspx.ProcessRequest(HttpCont ext context) +4
System.Web.CallHandlerExecutionStep.System.Web.Htt pApplication.IExecutionStep.Execute() +100
System.Web.HttpApplication.ExecuteStep(IExecutionS tep step, Boolean& completedSynchronously) +75

anyone have any ideas why this would start happening?

thnx
ae

Did u ever get an answer? I have a similar problem. clients need to enter HTML in extension data fields for products in order for a custom module to draw HTML from them

Your new hosting is probably on .NET 4.0 which changed the way request validation works. The fix is in the details.

To allow pages to override application request validation settings, set the requestValidationMode attribute in the httpRuntime configuration section to requestValidationMode="2.0". Example: <httpRuntime requestValidationMode="2.0" />.

After setting this value, you can then disable request validation by setting validateRequest="false" in the Page directive or in the <pages> configuration section.

I did have a case where this didn't work for just one page but setting it on the <pages> section in the web.config will fix it. Unfortunately, it disables request validation for the entire site.

We had this issue when "mark order as shipped" and "mark as printed" in the admin. To correct we:

1. Modified the web.config for the /admin folder -
Added <httpRuntime requestValidationMode="2.0" />

2. Modified the page settings on orders.aspx
Added validateRequest="false" to the page