A potentially dangerous Request.QueryString value was detected from the client when sending html markup from jquery post call to asp.net page

Question 1

A potentially dangerous Request.QueryString value was detected from the client when sending html markup from jquery post call to asp.net page

asp.net jquery ajax security asp.net-ajax

Shyju · Oct 7, 2010 · Viewed 78.5k times · Source

Answer

Answer

If this is ASP.NET 4, there was a breaking change with ValidateRequest. See this StackOverflow question for more information on requestValidationMode.

Question 2

I m making an ajax call using jQuery to an ASP.NET page which acts as my ajax server page to save the data which i am sending to it in the query string. In the ASP.NET page when i am trying to read the querystring i am getting this error:

A potentially dangerous Request.QueryString value was detected from the client...

I have set the ValidateRequest="false" in my page. Dont want to set it for all the pages. So did it in page level instead of config level:

  var content = "<h3>Sample header</h3><p>sample para</p>"
  content = encodeURIComponent(content);
  var url = "../Lib/ajaxhandler.aspx?mode=savecontent&page=home&ltxt=" + content;

     $.post(url, function (data) { 
       //check return value and do something
   });

and in my asp.net page:

 <%@ Page Language="C#" AutoEventWireup="true" CodeBehind="ajaxhandler.aspx.cs" ValidateRequest="false" Inherits="MyProject.Lib.ajaxhandler" %>

But when i am sending plain text instead of the html markup, it works fine.

A potentially dangerous Request.QueryString value was detected from the client when sending html markup from jquery post call to asp.net page

Answer

Related questions