A potentially dangerous Request.Form value was detected from the client

Topics: Business Logic Layer
Sep 9, 2010 at 12:29 AM
Edited Sep 9, 2010 at 12:32 AM

Hi all,

I am receiving this error.  All I did was go in create a new entry and put I am testing this in the editor box.

I know programming wise if I go in and turn off validateRequest=false then that will solve the problem.

However, since it is a blog and comments are allowed, I would prefer not to do this.  Because that does offer a limited security for people trying to hack.

Personally I am surprised the developers did not use encoding and decoding to store the data.  Makes me wonder about how hackable the comment area is.

Any one have any thoughts?



This is what is stored in the db

 <p>I am testing this...

Ooops! An unexpected error has occurred.

This one's down to me! Please accept my apologies for this - I'll see to it that the developer responsible for this happening is given 20 lashes (but only after he or she has fixed this problem).

Error Details:

Url : http://localhost:49417/Ponderings/admin/Pages/Add_entry.aspx

Raw Url : /Ponderings/admin/Pages/Add_entry.aspx

Message : A potentially dangerous Request.Form value was detected from the client (ctl00$cphAdmin$txtContent$TinyMCE1$txtContent="



Source : System.Web

StackTrace : at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)

at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection)

at System.Web.HttpRequest.get_Form()

at System.Web.HttpRequest.get_Item(String key)

at BlogEngine.Core.Web.HttpModules.CompressionModule.context_PostReleaseRequestState(Object sender, EventArgs e) in D:\Projects\Be-1610\BlogEngine\DotNetSlave.BusinessLogic\Web\HttpModules\CompressionModule.cs:line 62

at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()

at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

TargetSite : Void ValidateString(System.String, System.String, System.Web.Util.RequestValidationSource)


Sep 9, 2010 at 7:45 AM

Hi ,

Please follow this :

Go to your webconfig

Under httpruntime tag add requestValidationMode="2.0" property.

This will sort your problem.


Have a nice Day