Have you ever experience the following error in ASP .NET?
A potentially dangerous Request.Form value was detected from the client
Then you are one like me. Then you should now that one of the values of your elements (<inputs> or <button> or <textarea>) has html elements on it. Example is bellow:
<input type=’text’ name=’content’ value='<script language=”javascript”>alert(“Hello World!”);</script>’/>
Then you should also know that this error is persisting because the values given above might be an XSS attack. If you are sure that you want to accept this type of values on your dabatase you may explicitly remove this validation by adding this tag to your page’s masterpage or 1st line of tag.
validateRequest=”false”
If you are on ASP .NET MVC you can add this to your model, assuming that your model has the content variable.
[AllowHtml]
public string content = String.Empty;
Thanks hope it help you allot. Also if you are not familiar with XSS attacks, I will try to make an article for that so you can create your own script that is hack-able, be able to prevent it, and know what are it’s crons.
God Bless!