I m making an ajax call using jQuery to an ASP.NET page which acts as my ajax server page to save the data which i am sending to it in the query string. In the ASP.NET page when i am trying to read the querystring i am getting this error:
A potentially dangerous Request.QueryString value was detected from the client...
I have set the ValidateRequest="false"
in my page. Dont want to set it for all the pages. So did it in page level instead of config level:
var content = "<h3>Sample header</h3><p>sample para</p>"
content = encodeURIComponent(content);
var url = "../Lib/ajaxhandler.aspx?mode=savecontent&page=home<xt=" + content;
$.post(url, function (data) {
//check return value and do something
});
and in my asp.net page:
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="ajaxhandler.aspx.cs" ValidateRequest="false" Inherits="MyProject.Lib.ajaxhandler" %>
But when i am sending plain text instead of the html markup, it works fine.
If this is ASP.NET 4, there was a breaking change with ValidateRequest
. See this StackOverflow question for more information on requestValidationMode
.