Tuesday, June 28, 2011

ASP.NET : A potentially dangerous Request.Form value was detected from the client


I get this message all the time especially when knocking up quick Web applications to test some WIF concept.
The solution is to add the following in the web.config:
 <system.web>
    <pages validateRequest="false" />
    <httpRuntime requestValidationMode="2.0" />
    ...

Update:

It may help to  add:

validateRequest="false"

in the Page directive as well (This is the first line of your .aspx file).

Also, refer this discussion over on stackoverflow.

Enjoy!

No comments: