| Rob Schieber 2005-09-30, 6:59 pm |
| veenakj@gmail.com wrote:
> Hi
>
> Code snippet
> --------------
> strErrMsg = "Could not find a part of the path
> \"C:\\Temp\\data\\Test.xml\"." }
>
> Server.Transfer("Message.aspx?errormsg=" + Server.UrlEncode(lsErrMsg));
> ---------------
>
> I'm getting "potentially dangerous Request.Form value was detected
> from the client " error message
>
> I browses several sites and found people discuusing abt < and >
> characters. But in my above string i do not have any of that
> characters.
>
> What is potentially dangerous string in the above string.
> What is the solution.
> Please let me know
>
> Thanks
> Veena
>
This is basically a pre-emptive attempt by IIS to prevent cross-site
scripting attacks, buffer-overflows etc... In the past IIS was riddled
with these types of holes. My guess is that the number of backslashes
and periods is causing IIS to think that someone is trying to post
malicious code. You can turn this off by setting
validateRequest="false". For your page.
--
Rob Schieber
|