[Mono-list] Request-Error
Gonzalo Paniagua Javier
gonzalo at ximian.com
Tue Aug 9 08:41:54 EDT 2005
On Sat, 2005-08-06 at 12:57 +0200, Jan Waiz wrote:
> In an aspx-File i receive in the Page_Load via
> this.Request.QueryString[“ID”];
> a Paramter without any Problem.
> When trying to call an other aspx-File via:
> this.Response.Redirect( “MyForm.aspx” );
> I got an Runtime-Error:
>
> A potentially dangerous Request.Form value was detected from the
> client
You can disable that behavior by setting the @Page attribute
ValidateRequest to false. It's value is set to true by default as a mean
to protect programmers from themselves. If you set that to false you
have to know what you're doing with the input you get. Specifically,
UrlEncode/UrlDecode or HtmlEncode/HtmlDecode the values before sending
them back to the user to prevent XSS attacks.
-Gonzalo
More information about the Mono-list
mailing list