HTML in User Input - Handling the Exception
Message
From
29/06/2005 14:48:26
 
General information
Forum: ASP.NET
Category: Other
Environment versions
Environment: ASP.NET
OS: Windows 2000 SP4
Database: MS SQL Server
Miscellaneous
Thread ID: 01027271
Message ID: 01027481
Views: 16
Hmm, that's too bad - it seems reasonable to be able to say "no HTML allowed" nicely to the user, rather than give them the big yellow screen. But it makes sense from a security standpoint that it should be handled high up in the call stack.

For my app it's not a big deal - anyone savvy enough to try to enter HTML is savvy enough to deal with a BYS <g>

It's of academic interest, but is there any relatively easy way to display a text URL as a hyperlink? Obviously it can be done - the UT does it (although only when the text is read-only). Does this require a 3rd party control, custom parsing, both?

>Well, you really can't have it both ways <g>...
>
>As far as I know you can't capture this error inside of a page - it happens higher up in the ASP.NET pipeline before it ever gets to the page. If you look at the call stack you can see it's in the HTTP Request parsing that this fires. The only place you can handle this failure is in Application_Error in global.asax from which it's going to be real tough to provide page relevant information.
>
>
>+++ Rick ---
>
>
>
>>VS.NET 2003
>>
>>By default, ASP.NET/IIS doesn't allow HTML input into text boxes etc. If you do you get the nice yellow screen talking about cross-site scripting attacks etc.
>>
>>"Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case."
>>
>>I don't want to set validateRequest=false, I like the idea of this checking taking place. However, I'd like to trap this exception instead, preferably in a CustomValidator and put a message in ValidationSummary i.e. handle it like any other kind of input error. Is there a recommended technique to handle this?
>>
>>On a related note, some users are asking if URLs in text boxes can show as hyperlinks instead of plain text. Can this be done with plain-Jane ASP.NET controls?
Regards. Al

"Violence is the last refuge of the incompetent." -- Isaac Asimov
"Never let your sense of morals prevent you from doing what is right." -- Isaac Asimov

Neither a despot, nor a doormat, be

Every app wants to be a database app when it grows up
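
The approach described in the quoted reply above (handling the request-validation failure in Application_Error in global.asax while leaving validateRequest on), as an added example that is not code from the thread. The class name `Global`, the message wording, the 400 status and the use of `Trace` as a stand-in logger are assumptions.

```csharp
// Global.asax.cs -- added example; class name and message text are assumptions.
using System;
using System.Diagnostics;
using System.Web;

public class Global : HttpApplication
{
    // Walk the InnerException chain: depending on where validation fired,
    // the exception may arrive wrapped (for example in HttpUnhandledException).
    private static HttpRequestValidationException FindValidationError(Exception ex)
    {
        for (; ex != null; ex = ex.InnerException)
        {
            HttpRequestValidationException v = ex as HttpRequestValidationException;
            if (v != null) return v;
        }
        return null;
    }

    protected void Application_Error(object sender, EventArgs e)
    {
        // Anything other than a request-validation failure is left to
        // customErrors or the default error handling.
        if (FindValidationError(Server.GetLastError()) == null)
            return;

        // Record which page was hit, not the submitted data. Request.Form and
        // Request.QueryString hold the rejected value, so they are not read
        // here and nothing from them is echoed back.
        // Trace stands in for the application's own logger (assumption).
        Trace.WriteLine("Request validation rejected input for " + Request.Path);

        Server.ClearError();          // suppress the yellow screen
        Response.Clear();
        Response.StatusCode = 400;    // client error, not a server fault
        Response.ContentType = "text/html";
        Response.Write(
            "<html><body><h2>Input not accepted</h2>" +
            "<p>HTML markup is not allowed in form fields. Use your browser's " +
            "Back button, remove any tags or angle brackets, and submit again.</p>" +
            "</body></html>");
    }
}
```

The handler only knows the request path, not which control held the markup, which is why the message stays generic instead of appearing in a ValidationSummary.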