How to take action on Potentially Dangerous

Plateforme Level Extreme

Abonnement

Profil corporatif

Produits & Services

Support

Légal

English

How to take action on Potentially Dangerous

Message

22/05/2006 13:35:55

Michel Fournier
Level Extreme Inc.
Petit-Rocher, Nouveau-Brunswick, Canada

22/05/2006 10:52:14

Keith Payne
Technical Marketing Solutions
Floride, États-Unis

Information générale

Forum:

ASP.NET

Catégorie:

Code, syntaxe and commandes

Titre:

Re: How to take action on Potentially Dangerous

Versions des environnements

Environment:

VB 8.0

OS:

Windows XP SP2

Database:

Visual FoxPro

Divers

Thread ID:

01123870

Message ID:

01124022

Vues:

>There is a setting called ValidateRequest that you can set to turn this feature on and off. The setting is in Machine.config, web.config, and can be set in the @ Page directive.
>
>There is not an event hook for this, but it throws an HttpRequestValidationException that you can intercept in a Try/Catch block. I'm not too sure where to put the Try/Catch. You can also look for the error in the Global.asax Application_Error event.

After looking more at what causes this, I found that the memo field contains some HTML characters such as B and BR. .NET handles those characters automatically on form display and postback if we enter them as encoded. This resolves the issue. I do not feel ok to workaround this issue by changing the top level and opening that door. I made some tests. If I enter the opening character of a tag as encoded, it is saved ok and shown ok on the way back. I will have a procedure which will apply some conversions on the client data once we go in production. Thanks

Michel Fournier
Level Extreme Inc.
Designer, architect, owner of the Level Extreme Platform
Subscribe to the site at https://www.levelextreme.com/Home/DataEntry?Activator=55&NoStore=303
Subscription benefits https://www.levelextreme.com/Home/ViewPage?Activator=7&ID=52

Répondre

Fil

Voir

Click here to load this message in the networking platform